xtremerat | cfc294b7ca1e9e23484e5466bb2672da84f609ab0ee6450160b4084f960030cb

Analysis

max time kernel
93s
max time network
142s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-01-2025 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe
Size

220KB
MD5

7737022fd54af45023bb81dcf0a27b33
SHA1

8be008b1e685a2007f793bcee2f2d4d17a025461
SHA256

cfc294b7ca1e9e23484e5466bb2672da84f609ab0ee6450160b4084f960030cb
SHA512

cd9bd3bbebe889d5ee1eb36ed0a8f16f1cae1caa29a3715dd8e88d96c0c04880a1015700f6ab51d03ddb0607f548dc6fb33af614edfaa2269d9ff1f06ab9a8cc
SSDEEP

3072:QrK8QOnOKaPI56wVppeppl0hs6m9CdGZ:QrK8zGkm9Cc

Score

10^/10

xtremerat discovery persistence rat spyware

Malware Config

Signatures

Detect XtremeRAT payload 6 IoCs

resource	yara_rule
behavioral1/memory/1608-2-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1608-3-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1608-4-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1608-5-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2460-13-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1608-18-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat
Xtremerat family
xtremerat

Boot or Logon Autostart Execution: Active Setup 2 TTPs 64 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	Process not Found
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	Process not Found
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{R3OND7YD-05PX-HNC2-5VKF-N6814R58D1IU}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe restart"	java.exe

Executes dropped EXE 64 IoCs

pid	Process
2888	java.exe
2636	java.exe
2732	java.exe
1096	java.exe
1956	java.exe
1576	java.exe
2828	java.exe
3016	java.exe
2912	java.exe
1300	java.exe
2296	java.exe
2344	java.exe
1404	java.exe
1520	java.exe
2128	java.exe
2400	java.exe
2832	java.exe
2508	java.exe
2796	java.exe
844	java.exe
2844	java.exe
2208	java.exe
1288	java.exe
3028	java.exe
2484	java.exe
880	java.exe
2692	java.exe
1632	java.exe
2700	java.exe
1996	java.exe
2828	java.exe
2112	java.exe
1916	java.exe
1736	java.exe
1424	java.exe
1008	java.exe
2664	java.exe
1504	java.exe
1640	java.exe
2796	java.exe
1960	java.exe
836	java.exe
2052	java.exe
1916	java.exe
2456	java.exe
1504	java.exe
2180	java.exe
3096	java.exe
3112	java.exe
3236	java.exe
3304	java.exe
3368	java.exe
3560	java.exe
3664	java.exe
3724	java.exe
3804	java.exe
3892	java.exe
3936	java.exe
4008	java.exe
4092	java.exe
2700	java.exe
3248	java.exe
3344	java.exe
3456	java.exe

Loads dropped DLL 64 IoCs

pid	Process
1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe
1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe
2888	java.exe
2636	java.exe
2460	svchost.exe
2460	svchost.exe
1096	java.exe
2732	java.exe
2460	svchost.exe
2460	svchost.exe
1956	java.exe
1576	java.exe
2828	java.exe
3016	java.exe
2912	java.exe
2460	svchost.exe
2460	svchost.exe
1300	java.exe
2296	java.exe
1404	java.exe
1520	java.exe
2344	java.exe
2128	java.exe
2508	java.exe
2460	svchost.exe
2460	svchost.exe
2400	java.exe
2844	java.exe
2832	java.exe
2796	java.exe
2208	java.exe
3028	java.exe
844	java.exe
2484	java.exe
1632	java.exe
2460	svchost.exe
2460	svchost.exe
1288	java.exe
2828	java.exe
880	java.exe
2112	java.exe
2692	java.exe
1736	java.exe
1996	java.exe
1008	java.exe
1504	java.exe
2460	svchost.exe
2460	svchost.exe
1916	java.exe
1960	java.exe
1424	java.exe
836	java.exe
1916	java.exe
2664	java.exe
2180	java.exe
1640	java.exe
2796	java.exe
3112	java.exe
3236	java.exe
2460	svchost.exe
2460	svchost.exe
2052	java.exe
3560	java.exe
2456	java.exe

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\AppData\\Roaming\\win32\\java.exe"	java.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	java.exe
File opened (read-only)	\??\R:	java.exe
File opened (read-only)	\??\T:	java.exe
File opened (read-only)	\??\P:	Process not Found
File opened (read-only)	\??\S:	java.exe
File opened (read-only)	\??\M:	java.exe
File opened (read-only)	\??\R:	java.exe
File opened (read-only)	\??\S:	Process not Found
File opened (read-only)	\??\P:	java.exe
File opened (read-only)	\??\B:	java.exe
File opened (read-only)	\??\E:	java.exe
File opened (read-only)	\??\Y:	java.exe
File opened (read-only)	\??\S:	java.exe
File opened (read-only)	\??\G:	java.exe
File opened (read-only)	\??\P:	java.exe
File opened (read-only)	\??\U:	java.exe
File opened (read-only)	\??\A:	java.exe
File opened (read-only)	\??\U:	java.exe
File opened (read-only)	\??\V:	java.exe
File opened (read-only)	\??\S:	java.exe
File opened (read-only)	\??\O:	java.exe
File opened (read-only)	\??\A:	java.exe
File opened (read-only)	\??\N:	java.exe
File opened (read-only)	\??\G:	java.exe
File opened (read-only)	\??\N:	java.exe
File opened (read-only)	\??\J:	java.exe
File opened (read-only)	\??\P:	java.exe
File opened (read-only)	\??\Q:	java.exe
File opened (read-only)	\??\W:	java.exe
File opened (read-only)	\??\T:	java.exe
File opened (read-only)	\??\E:	java.exe
File opened (read-only)	\??\E:	java.exe
File opened (read-only)	\??\P:	java.exe
File opened (read-only)	\??\H:	java.exe
File opened (read-only)	\??\I:	java.exe
File opened (read-only)	\??\N:	java.exe
File opened (read-only)	\??\U:	java.exe
File opened (read-only)	\??\Q:	java.exe
File opened (read-only)	\??\L:	java.exe
File opened (read-only)	\??\K:	java.exe
File opened (read-only)	\??\O:	java.exe
File opened (read-only)	\??\Y:	java.exe
File opened (read-only)	\??\R:	java.exe
File opened (read-only)	\??\X:	java.exe
File opened (read-only)	\??\K:	java.exe
File opened (read-only)	\??\X:	java.exe
File opened (read-only)	\??\A:	java.exe
File opened (read-only)	\??\H:	java.exe
File opened (read-only)	\??\O:	java.exe
File opened (read-only)	\??\Z:	java.exe
File opened (read-only)	\??\W:	java.exe
File opened (read-only)	\??\S:	java.exe
File opened (read-only)	\??\Y:	java.exe
File opened (read-only)	\??\A:	java.exe
File opened (read-only)	\??\Q:	java.exe
File opened (read-only)	\??\J:	java.exe
File opened (read-only)	\??\Z:	java.exe
File opened (read-only)	\??\S:	java.exe
File opened (read-only)	\??\H:	java.exe
File opened (read-only)	\??\Z:	java.exe
File opened (read-only)	\??\X:	java.exe
File opened (read-only)	\??\P:	java.exe
File opened (read-only)	\??\J:	java.exe
File opened (read-only)	\??\R:	java.exe

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 2484 set thread context of 1608	2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	30
PID 2888 set thread context of 2636	2888	java.exe	41
PID 1096 set thread context of 1956	1096	java.exe	53
PID 2732 set thread context of 1576	2732	java.exe	54
PID 2828 set thread context of 1300	2828	java.exe	74
PID 3016 set thread context of 2296	3016	java.exe	76
PID 2912 set thread context of 2344	2912	java.exe	78
PID 1404 set thread context of 2400	1404	java.exe	103
PID 1520 set thread context of 2832	1520	java.exe	106
PID 2128 set thread context of 2796	2128	java.exe	108
PID 2508 set thread context of 844	2508	java.exe	112
PID 2844 set thread context of 1288	2844	java.exe	139
PID 2208 set thread context of 880	2208	java.exe	146
PID 3028 set thread context of 2692	3028	java.exe	150
PID 2484 set thread context of 2700	2484	java.exe	153
PID 1632 set thread context of 1996	1632	java.exe	158
PID 2828 set thread context of 1916	2828	java.exe	182
PID 2112 set thread context of 1424	2112	java.exe	187
PID 1736 set thread context of 2664	1736	java.exe	193
PID 1008 set thread context of 1640	1008	java.exe	199
PID 1504 set thread context of 2796	1504	java.exe	203
PID 1960 set thread context of 2052	1960	java.exe	231
PID 836 set thread context of 2456	836	java.exe	236
PID 1916 set thread context of 1504	1916	java.exe	239
PID 2180 set thread context of 3096	2180	java.exe	246
PID 3112 set thread context of 3304	3112	java.exe	255
PID 3236 set thread context of 3368	3236	java.exe	259
PID 3560 set thread context of 3724	3560	java.exe	284
PID 3664 set thread context of 3936	3664	java.exe	292
PID 3804 set thread context of 4008	3804	java.exe	295
PID 3892 set thread context of 2700	3892	java.exe	300
PID 4092 set thread context of 3344	4092	java.exe	307
PID 3248 set thread context of 3456	3248	java.exe	313
PID 3824 set thread context of 3108	3824	java.exe	341
PID 3716 set thread context of 3100	3716	java.exe	345
PID 3972 set thread context of 3872	3972	java.exe	356
PID 3092 set thread context of 3788	3092	java.exe	359
PID 3664 set thread context of 3280	3664	java.exe	366
PID 844 set thread context of 3908	844	java.exe	371
PID 1532 set thread context of 4088	1532	java.exe	381
PID 3980 set thread context of 4260	3980	java.exe	544
PID 4136 set thread context of 4348	4136	java.exe	413
PID 4216 set thread context of 4496	4216	java.exe	418
PID 4400 set thread context of 4652	4400	java.exe	518
PID 4528 set thread context of 4712	4528	java.exe	556
PID 4684 set thread context of 4936	4684	java.exe	435
PID 4868 set thread context of 5016	4868	java.exe	537
PID 4236 set thread context of 4388	4236	java.exe	468
PID 4204 set thread context of 4668	4204	java.exe	722
PID 4504 set thread context of 4608	4504	java.exe	552
PID 4700 set thread context of 4892	4700	java.exe	486
PID 4880 set thread context of 4372	4880	java.exe	622
PID 4920 set thread context of 4248	4920	java.exe	494
PID 4556 set thread context of 4740	4556	java.exe	506
PID 4716 set thread context of 5016	4716	java.exe	537
PID 4420 set thread context of 5052	4420	java.exe	805
PID 4204 set thread context of 3708	4204	java.exe	548
PID 4472 set thread context of 4660	4472	java.exe	553
PID 4504 set thread context of 5188	4504	java.exe	563
PID 4668 set thread context of 5316	4668	java.exe	682
PID 5160 set thread context of 5336	5160	java.exe	570
PID 5628 set thread context of 5796	5628	java.exe	607
PID 5716 set thread context of 5880	5716	java.exe	609
PID 5824 set thread context of 6060	5824	java.exe	617

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	java.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe
2888	java.exe
2732	java.exe
1096	java.exe
2828	java.exe
3016	java.exe
2912	java.exe
1404	java.exe
1520	java.exe
2128	java.exe
2508	java.exe
2844	java.exe
2208	java.exe
3028	java.exe
2484	java.exe
1632	java.exe
2828	java.exe
2112	java.exe
1736	java.exe
1008	java.exe
1504	java.exe
1960	java.exe
836	java.exe
1916	java.exe
2180	java.exe
3112	java.exe
3236	java.exe
3560	java.exe
3664	java.exe
3804	java.exe
3892	java.exe
4092	java.exe
3248	java.exe
3824	java.exe
3716	java.exe
3972	java.exe
3092	java.exe
3664	java.exe
844	java.exe
1532	java.exe
3980	java.exe
4136	java.exe
4216	java.exe
4400	java.exe
4528	java.exe
4684	java.exe
4868	java.exe
4236	java.exe
4204	java.exe
4504	java.exe
4700	java.exe
4880	java.exe
4920	java.exe
4556	java.exe
4716	java.exe
4420	java.exe
4204	java.exe
4472	java.exe
4504	java.exe
4668	java.exe
5160	java.exe
5628	java.exe
5716	java.exe
5824	java.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 1608	2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	30
PID 2484 wrote to memory of 1608	2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	30
PID 2484 wrote to memory of 1608	2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	30
PID 2484 wrote to memory of 1608	2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	30
PID 2484 wrote to memory of 1608	2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	30
PID 2484 wrote to memory of 1608	2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	30
PID 2484 wrote to memory of 1608	2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	30
PID 2484 wrote to memory of 1608	2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	30
PID 2484 wrote to memory of 1608	2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	30
PID 2484 wrote to memory of 1608	2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	30
PID 2484 wrote to memory of 1608	2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	30
PID 2484 wrote to memory of 1608	2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	30
PID 2484 wrote to memory of 1608	2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	30
PID 2484 wrote to memory of 1608	2484	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	30
PID 1608 wrote to memory of 2460	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	31
PID 1608 wrote to memory of 2460	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	31
PID 1608 wrote to memory of 2460	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	31
PID 1608 wrote to memory of 2460	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	31
PID 1608 wrote to memory of 2460	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	31
PID 1608 wrote to memory of 3064	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	32
PID 1608 wrote to memory of 3064	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	32
PID 1608 wrote to memory of 3064	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	32
PID 1608 wrote to memory of 3064	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	32
PID 1608 wrote to memory of 3064	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	32
PID 1608 wrote to memory of 2384	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	33
PID 1608 wrote to memory of 2384	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	33
PID 1608 wrote to memory of 2384	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	33
PID 1608 wrote to memory of 2384	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	33
PID 1608 wrote to memory of 2384	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	33
PID 1608 wrote to memory of 344	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	34
PID 1608 wrote to memory of 344	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	34
PID 1608 wrote to memory of 344	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	34
PID 1608 wrote to memory of 344	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	34
PID 1608 wrote to memory of 344	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	34
PID 1608 wrote to memory of 2124	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	35
PID 1608 wrote to memory of 2124	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	35
PID 1608 wrote to memory of 2124	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	35
PID 1608 wrote to memory of 2124	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	35
PID 1608 wrote to memory of 2124	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	35
PID 1608 wrote to memory of 2616	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	36
PID 1608 wrote to memory of 2616	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	36
PID 1608 wrote to memory of 2616	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	36
PID 1608 wrote to memory of 2616	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	36
PID 1608 wrote to memory of 2616	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	36
PID 1608 wrote to memory of 2660	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	37
PID 1608 wrote to memory of 2660	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	37
PID 1608 wrote to memory of 2660	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	37
PID 1608 wrote to memory of 2660	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	37
PID 1608 wrote to memory of 2660	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	37
PID 1608 wrote to memory of 2716	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	38
PID 1608 wrote to memory of 2716	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	38
PID 1608 wrote to memory of 2716	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	38
PID 1608 wrote to memory of 2716	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	38
PID 1608 wrote to memory of 2716	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	38
PID 1608 wrote to memory of 2720	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	39
PID 1608 wrote to memory of 2720	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	39
PID 1608 wrote to memory of 2720	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	39
PID 1608 wrote to memory of 2720	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	39
PID 1608 wrote to memory of 2888	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	40
PID 1608 wrote to memory of 2888	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	40
PID 1608 wrote to memory of 2888	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	40
PID 1608 wrote to memory of 2888	1608	JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe	40
PID 2888 wrote to memory of 2636	2888	java.exe	41
PID 2888 wrote to memory of 2636	2888	java.exe	41

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe
  "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7737022fd54af45023bb81dcf0a27b33.exe"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1608
- - C:\Windows\SysWOW64\svchost.exe
    svchost.exe
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Loads dropped DLL
    PID:2460
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:1096
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1956
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:848
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1732
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1720
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1864
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1680
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2820
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2256
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:2296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1692
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2816
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1844
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2876
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1672
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1432
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        11⤵
        Executes dropped EXE
        
        PID:2700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1548
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:2828
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:1300
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1292
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1468
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1776
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:764
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1476
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2916
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:580
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1988
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1992
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1480
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2692
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2848
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2976
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:880
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1656
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3112
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        13⤵
        Executes dropped EXE
        
        PID:3304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3656
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4032
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        14⤵
        Executes dropped EXE
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3248
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:3456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3864
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3976
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        16⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        17⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:4088
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3268
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:1404
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2400
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2744
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1980
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3008
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2940
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2248
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1400
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:348
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2340
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:880
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2768
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1968
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2228
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:2664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:828
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2628
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1736
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        
        PID:3096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3332
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3492
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3848
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4092
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:3344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3240
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1948
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        14⤵
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        15⤵
        Boot or Logon Autostart Execution: Active Setup
        
        PID:3908
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3220
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4332
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4624
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        16⤵
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4868
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        17⤵
        Boot or Logon Autostart Execution: Active Setup
        
        PID:5016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5060
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4228
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4436
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        18⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4556
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        19⤵
        Adds Run key to start application
        
        PID:4740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4384
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2204
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5268
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:1288
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:788
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2864
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2320
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2784
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2312
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2880
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1176
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:1424
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:876
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3004
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1828
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2336
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:996
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3424
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3476
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        10⤵
        Executes dropped EXE
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3892
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3816
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        12⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3664
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        
        PID:3280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3792
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:692
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2120
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3940
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        14⤵
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4684
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        15⤵
        Adds Run key to start application
        
        PID:4936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4976
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:2828
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:1916
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2740
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2680
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2960
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2388
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:768
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2548
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1232
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1008
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:2456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2604
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3416
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3804
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:4008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3228
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3688
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2476
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        10⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3092
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:3788
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3720
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3324
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3948
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        12⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4528
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        
        PID:4712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4812
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4992
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4120
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        14⤵
        Enumerates connected drives
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4920
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        15⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:4248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4520
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3320
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3328
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4792
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4908
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        16⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:5160
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        17⤵
        Boot or Logon Autostart Execution: Active Setup
        
        PID:5336
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5412
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5468
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5696
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5976
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        18⤵
        Enumerates connected drives
        
        PID:5076
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        19⤵
        Boot or Logon Autostart Execution: Active Setup
        System Location Discovery: System Language Discovery
        
        PID:5744
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6012
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5836
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4284
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        20⤵
        Enumerates connected drives
        
        PID:5668
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        21⤵
        Boot or Logon Autostart Execution: Active Setup
        System Location Discovery: System Language Discovery
        
        PID:6148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:6228
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:6320
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:6408
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:6536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:6736
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:7028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:6236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        22⤵
        Enumerates connected drives
        
        PID:6912
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        23⤵
        Adds Run key to start application
        
        PID:612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:6220
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:6504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:6844
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:6616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:6260
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:7312
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:7600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        24⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        25⤵
        Boot or Logon Autostart Execution: Active Setup
        
        PID:6884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:6988
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:7424
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:7396
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:7952
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:7112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:7280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:6164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        26⤵
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:8308
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        27⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:8600
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2052
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2804
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2112
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3136
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3312
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3432
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3484
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3516
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3664
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        
        PID:3936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3992
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3768
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3900
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        8⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3972
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        
        PID:3872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3400
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        10⤵
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4400
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        11⤵
        Adds Run key to start application
        
        PID:4652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4760
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5068
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3232
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        12⤵
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4880
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4372
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3728
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4136
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        14⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4668
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        15⤵
        
        PID:5316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5388
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5520
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5688
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5968
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5156
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        16⤵
        Enumerates connected drives
        
        PID:5728
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        17⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4416
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5636
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        18⤵
        Enumerates connected drives
        
        PID:5220
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        19⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:6164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6244
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6328
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6400
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6744
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        20⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        21⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:6568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:6064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:5660
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:6580
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:6760
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:7208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:7472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:7772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        22⤵
        Enumerates connected drives
        
        PID:8112
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        23⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:6996
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:7364
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:6600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:7796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:8056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:7688
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:8164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:7568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        24⤵
        Enumerates connected drives
        
        PID:8476
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3560
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        Executes dropped EXE
        
        PID:3724
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3772
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4000
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3188
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3404
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3676
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3608
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1644
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3716
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        Adds Run key to start application
        
        PID:3100
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3364
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4060
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3340
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        8⤵
        Enumerates connected drives
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4216
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        9⤵
        
        PID:4496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4580
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4836
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4116
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4144
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4360
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        10⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4700
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        System Location Discovery: System Language Discovery
        
        PID:4892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4412
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4476
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        12⤵
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4504
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        
        PID:5188
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5488
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5544
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5604
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        14⤵
        Enumerates connected drives
        
        PID:4216
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        15⤵
        
        PID:5848
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5908
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5856
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6000
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4244
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        16⤵
        Enumerates connected drives
        
        PID:5348
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        17⤵
        Adds Run key to start application
        
        PID:5760
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6356
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6432
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:7140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        18⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        19⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:7092
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7156
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7116
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6792
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7216
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7480
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        20⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        21⤵
        Boot or Logon Autostart Execution: Active Setup
        
        PID:8084
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:8168
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:7500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:7512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:8000
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:6864
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:8128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        22⤵
        System Location Discovery: System Language Discovery
        
        PID:7972
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        23⤵
        Adds Run key to start application
        
        PID:8440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:8532
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:3824
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:3108
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3000
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3640
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3960
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3156
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4064
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3256
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3388
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1532
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4136
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        
        PID:4348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4424
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4644
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4900
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5036
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        8⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4504
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:4608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4804
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        10⤵
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4472
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:4660
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5436
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        12⤵
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:6132
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:4312
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5264
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6084
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6032
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:6064
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        15⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:5728
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5340
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5676
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6424
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6648
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        16⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        17⤵
        
        PID:6556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6476
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:7300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        18⤵
        Enumerates connected drives
        
        PID:7644
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        19⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:7916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:8020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7204
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5332
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7336
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:8052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        20⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        21⤵
        Boot or Logon Autostart Execution: Active Setup
        System Location Discovery: System Language Discovery
        
        PID:8276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:8360
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:8624
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:3980
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        Adds Run key to start application
        
        PID:4260
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4324
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4616
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4828
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5000
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5088
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:896
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4188
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4204
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4692
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3224
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3908
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4720
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        8⤵
        Enumerates connected drives
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4204
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        9⤵
        
        PID:3708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4968
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5132
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5364
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        10⤵
        Enumerates connected drives
        
        PID:6000
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        11⤵
        Adds Run key to start application
        
        PID:4452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6092
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4240
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5240
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        12⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        13⤵
        
        PID:924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6312
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6728
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:7104
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        15⤵
        Boot or Logon Autostart Execution: Active Setup
        
        PID:6596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6660
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:7120
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        16⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        17⤵
        Adds Run key to start application
        
        PID:7748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:7804
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:8076
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:7252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:7236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:7548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:7896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:7632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        18⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        19⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:7960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:8196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:8492
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      Enumerates connected drives
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:4236
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        
        PID:4388
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4536
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4532
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4368
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4516
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4604
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4656
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4404
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        Enumerates connected drives
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4420
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        Adds Run key to start application
        
        PID:5052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4260
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5420
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5480
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        8⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:5824
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        9⤵
        
        PID:6060
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6100
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5144
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        10⤵
        Enumerates connected drives
        
        PID:4236
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:5168
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4484
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2268
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6264
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6340
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6416
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:6932
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        13⤵
        Adds Run key to start application
        
        PID:5332
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5792
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        14⤵
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:7352
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        15⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:7616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:7732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:7976
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6680
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:7340
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:7684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:7712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:8116
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:7872
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        17⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:7532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6224
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:8316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:8588
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4716
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        Adds Run key to start application
        
        PID:5016
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4548
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4408
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5124
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5324
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5444
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5504
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5560
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:5716
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:5880
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5948
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5828
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5200
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4592
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5076
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        10⤵
        Enumerates connected drives
        
        PID:6820
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        11⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:7068
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:7160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6628
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:7076
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5720
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        12⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:7464
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7828
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:8148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6940
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6484
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:7960
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        15⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:7780
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:8096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:7272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:8420
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      Enumerates connected drives
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5628
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        
        PID:5796
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5916
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4372
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5256
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2468
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5868
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4204
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5176
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        
        PID:4216
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:928
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        8⤵
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:6556
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        9⤵
        
        PID:6756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6876
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4876
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6516
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5736
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        10⤵
        Enumerates connected drives
        
        PID:6856
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:6916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:7452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:7700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:7944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:7652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        12⤵
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:7644
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        13⤵
        
        PID:8140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7868
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7444
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7408
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:8204
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:8484
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5288
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        
        PID:5052
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2092
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5160
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5732
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5848
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6188
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6296
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6384
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        System Location Discovery: System Language Discovery
        
        PID:6940
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7000
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6604
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        8⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        System Location Discovery: System Language Discovery
        
        PID:7324
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7676
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7908
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        10⤵
        Enumerates connected drives
        
        PID:6164
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:8008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:7240
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:7392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:8260
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:8556
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      Enumerates connected drives
      PID:6440
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        Adds Run key to start application
        
        PID:6684
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6784
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7060
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6612
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6656
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7012
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5744
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6956
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:6708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7260
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:8064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7224
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7492
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        8⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:8104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7728
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:8160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:8380
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      PID:4924
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6172
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5400
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6160
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7400
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7664
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7924
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7180
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3708
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6556
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        Adds Run key to start application
        
        PID:612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:8124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7244
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6172
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:8268
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:8564
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      PID:7460
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        
        PID:7308
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7660
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:8180
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5808
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7644
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7920
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:8432
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:3064
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2384
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:344
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2124
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2616
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2660
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2716
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2720
- - C:\Users\Admin\AppData\Roaming\win32\java.exe
    "C:\Users\Admin\AppData\Roaming\win32\java.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetThreadContext
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Users\Admin\AppData\Roaming\win32\java.exe
      "C:\Users\Admin\AppData\Roaming\win32\java.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2636
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2424
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2648
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2524
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2532
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2584
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2632
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2988
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2984
    - - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1032
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2480
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:844
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1868
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2688
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2580
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1396
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:1996
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2624
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1412
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1624
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        14⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2644
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1696
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1628
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1224
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3236
        
        C:\Users\Admin\AppData\Roaming\win32\java.exe
        
        "C:\Users\Admin\AppData\Roaming\win32\java.exe"
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:3368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3408
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Hy5rt.cfg

Filesize
1KB

MD5
f636dfc14485fdf68d4e9c5bfb6fd487

SHA1
576312c586f5fa8ad8e1498a75243231bdf9ece7

SHA256
c18005a1736300f6211882acad2eedd027fe961da1c50aa74d6a0e7f7f0bb9b5

SHA512
0b55a96e464f095b46a573b69dbac357b41d6af27ae655e5b7814a9e6f97154686cd193f77fda47eb812e130844bc18de08d77c0db383b951bcdf01832a5881e

Download Submit
C:\Users\Admin\AppData\Roaming\win32\java.exe

Filesize
220KB

MD5
7737022fd54af45023bb81dcf0a27b33

SHA1
8be008b1e685a2007f793bcee2f2d4d17a025461

SHA256
cfc294b7ca1e9e23484e5466bb2672da84f609ab0ee6450160b4084f960030cb

SHA512
cd9bd3bbebe889d5ee1eb36ed0a8f16f1cae1caa29a3715dd8e88d96c0c04880a1015700f6ab51d03ddb0607f548dc6fb33af614edfaa2269d9ff1f06ab9a8cc

Download Submit
memory/1008-190-0x0000000002B30000-0x0000000003624000-memory.dmp

Filesize
11.0MB

Download
memory/1096-36-0x0000000002C20000-0x0000000003714000-memory.dmp

Filesize
11.0MB

Download
memory/1404-85-0x0000000002B70000-0x0000000003664000-memory.dmp

Filesize
11.0MB

Download
memory/1504-198-0x0000000002B90000-0x0000000003684000-memory.dmp

Filesize
11.0MB

Download
memory/1520-92-0x0000000002D50000-0x0000000003844000-memory.dmp

Filesize
11.0MB

Download
memory/1608-18-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1608-3-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1608-5-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1608-2-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1608-4-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1736-182-0x0000000002B50000-0x0000000003644000-memory.dmp

Filesize
11.0MB

Download
memory/2112-174-0x0000000002C80000-0x0000000003774000-memory.dmp

Filesize
11.0MB

Download
memory/2460-11-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2460-13-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2732-31-0x0000000002BA0000-0x0000000003694000-memory.dmp

Filesize
11.0MB

Download
memory/2828-170-0x0000000002CC0000-0x00000000037B4000-memory.dmp

Filesize
11.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads