xtremerat | ba7d960521c3c9a912e49973443180266fadfc366ca3aa0b5211e0673cb976aa

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/02/2025, 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe
Size

196KB
MD5

773da871b8296896ffccb40b5c9bd6fc
SHA1

0060f821272f2d8baa30a91e13dabc4bf72d3289
SHA256

ba7d960521c3c9a912e49973443180266fadfc366ca3aa0b5211e0673cb976aa
SHA512

7f8f2d51b0ac63b1d63110996499ddc8df0b3600033822b70e52599525c74e5bc9815de9035c1d990a9764f1a1e9e880f014ce6ae7a32e94a26cec080242e20c
SSDEEP

3072:X/oqgU0ATDs5uHBRI04GIrA+adNbZzXF8v:XwqgU0AsUoPGljXRI

Score

10^/10

xtremerat bootkit discovery persistence rat spyware

Malware Config

Signatures

Detect XtremeRAT payload 9 IoCs

resource	yara_rule
behavioral1/memory/2108-19-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2108-20-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2108-21-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2108-26-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2108-23-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2108-22-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2108-27-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2108-28-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2756-40-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat
Xtremerat family
xtremerat

Boot or Logon Autostart Execution: Active Setup 2 TTPs 64 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe

Executes dropped EXE 64 IoCs

pid	Process
2780	hub.exe
2632	hub.exe
2192	hub.exe
1296	hub.exe
1136	hub.exe
1400	hub.exe
2796	hub.exe
2508	hub.exe
772	hub.exe
2252	hub.exe
2472	hub.exe
2072	hub.exe
1488	hub.exe
1028	hub.exe
2552	hub.exe
2832	hub.exe
2248	hub.exe
2784	hub.exe
1292	hub.exe
1572	hub.exe
864	hub.exe
2460	hub.exe
2920	hub.exe
1264	hub.exe
2116	hub.exe
2324	hub.exe
2292	hub.exe
1340	hub.exe
2536	hub.exe
2336	hub.exe
3060	hub.exe
1480	hub.exe
2064	hub.exe
1364	hub.exe
1900	hub.exe
2024	hub.exe
1980	hub.exe
1720	hub.exe
2380	hub.exe
1552	hub.exe
2964	hub.exe
2732	hub.exe
1580	hub.exe
1016	hub.exe
2724	hub.exe
2504	hub.exe
2076	hub.exe
2788	hub.exe
2564	hub.exe
1284	hub.exe
1388	hub.exe
2996	hub.exe
1508	hub.exe
972	hub.exe
2524	hub.exe
1700	hub.exe
552	hub.exe
2832	hub.exe
1256	hub.exe
2336	hub.exe
744	hub.exe
1540	hub.exe
3148	hub.exe
3108	hub.exe

Loads dropped DLL 64 IoCs

pid	Process
2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe
2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe
2780	hub.exe
2632	hub.exe
2756	svchost.exe
2756	svchost.exe
2192	hub.exe
1296	hub.exe
1400	hub.exe
2756	svchost.exe
2756	svchost.exe
1136	hub.exe
772	hub.exe
2796	hub.exe
2756	svchost.exe
2756	svchost.exe
2508	hub.exe
1488	hub.exe
2472	hub.exe
2252	hub.exe
2552	hub.exe
2756	svchost.exe
2756	svchost.exe
1028	hub.exe
2072	hub.exe
1572	hub.exe
2756	svchost.exe
2756	svchost.exe
2832	hub.exe
1292	hub.exe
2248	hub.exe
2920	hub.exe
2324	hub.exe
2784	hub.exe
1340	hub.exe
864	hub.exe
2756	svchost.exe
2756	svchost.exe
2460	hub.exe
1480	hub.exe
1264	hub.exe
1364	hub.exe
2116	hub.exe
2292	hub.exe
2536	hub.exe
2336	hub.exe
2756	svchost.exe
2756	svchost.exe
2380	hub.exe
2064	hub.exe
3060	hub.exe
1580	hub.exe
1900	hub.exe
1980	hub.exe
2504	hub.exe
2756	svchost.exe
2756	svchost.exe
1552	hub.exe
2024	hub.exe
1284	hub.exe
1720	hub.exe
2996	hub.exe
2732	hub.exe
972	hub.exe

Adds Run key to start application 2 TTPs 39 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe

Writes to the Master Boot Record (MBR) 1 TTPs 46 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe
File opened for modification	\??\PhysicalDrive0	hub.exe

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 2908 set thread context of 3028	2908	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	30
PID 3028 set thread context of 2108	3028	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 2780 set thread context of 2632	2780	hub.exe	43
PID 2632 set thread context of 2192	2632	hub.exe	44
PID 1296 set thread context of 1400	1296	hub.exe	55
PID 1400 set thread context of 2796	1400	hub.exe	56
PID 1136 set thread context of 772	1136	hub.exe	65
PID 772 set thread context of 2252	772	hub.exe	66
PID 2508 set thread context of 1488	2508	hub.exe	71
PID 1488 set thread context of 1028	1488	hub.exe	72
PID 2472 set thread context of 2552	2472	hub.exe	87
PID 2552 set thread context of 2832	2552	hub.exe	89
PID 2072 set thread context of 1572	2072	hub.exe	94
PID 1572 set thread context of 864	1572	hub.exe	95
PID 1292 set thread context of 2920	1292	hub.exe	113
PID 2920 set thread context of 2116	2920	hub.exe	115
PID 2248 set thread context of 2324	2248	hub.exe	114
PID 2324 set thread context of 2292	2324	hub.exe	116
PID 2784 set thread context of 1340	2784	hub.exe	117
PID 1340 set thread context of 2536	1340	hub.exe	185
PID 2460 set thread context of 1480	2460	hub.exe	135
PID 1480 set thread context of 2064	1480	hub.exe	137
PID 1264 set thread context of 1364	1264	hub.exe	146
PID 1364 set thread context of 1900	1364	hub.exe	149
PID 2336 set thread context of 2380	2336	hub.exe	163
PID 2380 set thread context of 1552	2380	hub.exe	165
PID 3060 set thread context of 1580	3060	hub.exe	173
PID 1580 set thread context of 1016	1580	hub.exe	176
PID 1980 set thread context of 2504	1980	hub.exe	183
PID 2504 set thread context of 2076	2504	hub.exe	186
PID 2024 set thread context of 1284	2024	hub.exe	193
PID 1284 set thread context of 1388	1284	hub.exe	195
PID 1720 set thread context of 2996	1720	hub.exe	199
PID 2996 set thread context of 1508	2996	hub.exe	202
PID 2732 set thread context of 972	2732	hub.exe	204
PID 972 set thread context of 2524	972	hub.exe	207
PID 2964 set thread context of 1700	2964	hub.exe	208
PID 1700 set thread context of 552	1700	hub.exe	320
PID 2788 set thread context of 2336	2788	hub.exe	231
PID 2724 set thread context of 744	2724	hub.exe	233
PID 2336 set thread context of 1540	2336	hub.exe	234
PID 744 set thread context of 3148	744	hub.exe	377
PID 2564 set thread context of 3404	2564	hub.exe	252
PID 3404 set thread context of 3508	3404	hub.exe	257
PID 2832 set thread context of 3784	2832	hub.exe	269
PID 3784 set thread context of 3852	3784	hub.exe	271
PID 1256 set thread context of 3992	1256	hub.exe	276
PID 3992 set thread context of 4068	3992	hub.exe	278
PID 3108 set thread context of 2676	3108	hub.exe	285
PID 3676 set thread context of 1548	3676	hub.exe	287
PID 3684 set thread context of 3116	3684	hub.exe	288
PID 3604 set thread context of 2028	3604	hub.exe	290
PID 1548 set thread context of 3548	1548	hub.exe	292
PID 3116 set thread context of 3564	3116	hub.exe	430
PID 2676 set thread context of 3572	2676	hub.exe	295
PID 3948 set thread context of 3580	3948	hub.exe	296
PID 2028 set thread context of 3924	2028	hub.exe	311
PID 3956 set thread context of 3680	3956	hub.exe	312
PID 3580 set thread context of 2852	3580	hub.exe	623
PID 3680 set thread context of 912	3680	hub.exe	388
PID 316 set thread context of 4000	316	hub.exe	328
PID 4000 set thread context of 3076	4000	hub.exe	330
PID 3140 set thread context of 928	3140	hub.exe	371
PID 928 set thread context of 4064	928	hub.exe	374

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hub.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2908	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe
3028	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe
2780	hub.exe
2632	hub.exe
1296	hub.exe
1136	hub.exe
1400	hub.exe
2508	hub.exe
772	hub.exe
2472	hub.exe
2072	hub.exe
1488	hub.exe
2552	hub.exe
2248	hub.exe
2784	hub.exe
1292	hub.exe
1572	hub.exe
2460	hub.exe
2920	hub.exe
1264	hub.exe
2324	hub.exe
1340	hub.exe
2336	hub.exe
3060	hub.exe
1480	hub.exe
1364	hub.exe
2024	hub.exe
1980	hub.exe
1720	hub.exe
2380	hub.exe
2964	hub.exe
2732	hub.exe
1580	hub.exe
2724	hub.exe
2504	hub.exe
2788	hub.exe
2564	hub.exe
1284	hub.exe
2996	hub.exe
972	hub.exe
1700	hub.exe
2832	hub.exe
1256	hub.exe
2336	hub.exe
744	hub.exe
3108	hub.exe
3404	hub.exe
3604	hub.exe
3676	hub.exe
3684	hub.exe
3784	hub.exe
3948	hub.exe
3992	hub.exe
3956	hub.exe
2676	hub.exe
1548	hub.exe
3116	hub.exe
316	hub.exe
2028	hub.exe
3556	hub.exe
3580	hub.exe
3680	hub.exe
3652	hub.exe
2896	hub.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 3028	2908	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	30
PID 2908 wrote to memory of 3028	2908	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	30
PID 2908 wrote to memory of 3028	2908	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	30
PID 2908 wrote to memory of 3028	2908	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	30
PID 2908 wrote to memory of 3028	2908	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	30
PID 2908 wrote to memory of 3028	2908	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	30
PID 2908 wrote to memory of 3028	2908	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	30
PID 2908 wrote to memory of 3028	2908	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	30
PID 2908 wrote to memory of 3028	2908	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	30
PID 3028 wrote to memory of 2108	3028	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 3028 wrote to memory of 2108	3028	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 3028 wrote to memory of 2108	3028	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 3028 wrote to memory of 2108	3028	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 3028 wrote to memory of 2108	3028	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 3028 wrote to memory of 2108	3028	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 3028 wrote to memory of 2108	3028	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 3028 wrote to memory of 2108	3028	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 3028 wrote to memory of 2108	3028	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 3028 wrote to memory of 2108	3028	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 3028 wrote to memory of 2108	3028	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 3028 wrote to memory of 2108	3028	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 2108 wrote to memory of 2756	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	32
PID 2108 wrote to memory of 2756	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	32
PID 2108 wrote to memory of 2756	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	32
PID 2108 wrote to memory of 2756	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	32
PID 2108 wrote to memory of 2756	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	32
PID 2108 wrote to memory of 2864	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	33
PID 2108 wrote to memory of 2864	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	33
PID 2108 wrote to memory of 2864	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	33
PID 2108 wrote to memory of 2864	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	33
PID 2108 wrote to memory of 2864	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	33
PID 2108 wrote to memory of 2992	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	34
PID 2108 wrote to memory of 2992	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	34
PID 2108 wrote to memory of 2992	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	34
PID 2108 wrote to memory of 2992	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	34
PID 2108 wrote to memory of 2992	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	34
PID 2108 wrote to memory of 2900	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	36
PID 2108 wrote to memory of 2900	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	36
PID 2108 wrote to memory of 2900	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	36
PID 2108 wrote to memory of 2900	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	36
PID 2108 wrote to memory of 2900	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	36
PID 2108 wrote to memory of 2888	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	37
PID 2108 wrote to memory of 2888	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	37
PID 2108 wrote to memory of 2888	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	37
PID 2108 wrote to memory of 2888	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	37
PID 2108 wrote to memory of 2888	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	37
PID 2108 wrote to memory of 2904	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	38
PID 2108 wrote to memory of 2904	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	38
PID 2108 wrote to memory of 2904	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	38
PID 2108 wrote to memory of 2904	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	38
PID 2108 wrote to memory of 2904	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	38
PID 2108 wrote to memory of 2952	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	39
PID 2108 wrote to memory of 2952	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	39
PID 2108 wrote to memory of 2952	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	39
PID 2108 wrote to memory of 2952	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	39
PID 2108 wrote to memory of 2952	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	39
PID 2108 wrote to memory of 2092	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	40
PID 2108 wrote to memory of 2092	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	40
PID 2108 wrote to memory of 2092	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	40
PID 2108 wrote to memory of 2092	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	40
PID 2108 wrote to memory of 2092	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	40
PID 2108 wrote to memory of 2924	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	41
PID 2108 wrote to memory of 2924	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	41
PID 2108 wrote to memory of 2924	2108	JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe	41

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe
  "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe"
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_773da871b8296896ffccb40b5c9bd6fc.exe"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:2108
  - - C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      4⤵
      Boot or Logon Autostart Execution: Active Setup
      Loads dropped DLL
      Adds Run key to start application
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:2796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:292
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:444
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2792
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1672
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:2832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2308
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1644
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2484
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:1900
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2520
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2976
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        15⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        16⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:3148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3268
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3332
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3824
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        17⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        18⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        19⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:3212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3088
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4420
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        20⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        21⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        22⤵
        
        PID:3816
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:4844
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:4852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:3636
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:4740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:4788
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:3208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        23⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        24⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        25⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:1028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:688
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:476
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1604
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2580
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2216
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:2116
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1828
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2624
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2736
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3040
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:1388
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1356
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1308
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1688
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        14⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        15⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        16⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:3548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3656
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2836
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        17⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        18⤵
        Writes to the Master Boot Record (MBR)
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        19⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:4540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4988
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3256
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4224
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4264
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        20⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        21⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        22⤵
        
        PID:4848
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:5020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:4604
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:4872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:3956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:4760
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:4732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:5164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        23⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        24⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        25⤵
        
        PID:5948
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:5680
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:5256
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:2420
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:5432
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:5356
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:5632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:5892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        26⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:864
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2940
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:1552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        12⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:3508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3768
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3976
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3172
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3188
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        14⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        15⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        16⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:4324
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4116
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        17⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        18⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        19⤵
        
        PID:2492
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2072
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4240
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5284
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        20⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        21⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        22⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:2536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2848
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:336
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1692
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:1508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1968
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3324
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        12⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:3564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2356
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2132
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2076
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        15⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        16⤵
        
        PID:4764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:5068
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4400
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4580
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        17⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        18⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        19⤵
        
        PID:5524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5880
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5244
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        20⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:2064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1628
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2204
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:856
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3436
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        12⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3480
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        14⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        15⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        16⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:4948
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3464
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        17⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        18⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        19⤵
        
        PID:5900
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5136
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5676
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5036
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        20⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        21⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        22⤵
        
        PID:5216
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:5500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:5540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:5928
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:5424
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:5552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:5792
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:1016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:864
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2004
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2200
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:4068
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3340
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3848
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4092
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        12⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        13⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3068
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3284
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3412
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:2852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1012
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3920
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2388
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3224
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        12⤵
        Writes to the Master Boot Record (MBR)
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        13⤵
        
        PID:4288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5040
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4356
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3484
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        14⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        15⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        16⤵
        
        PID:5728
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:5936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:5568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:1540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3420
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3704
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        Writes to the Master Boot Record (MBR)
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:3852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3592
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        Writes to the Master Boot Record (MBR)
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:4132
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        12⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        13⤵
        
        PID:4324
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4656
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4444
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4204
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5292
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        14⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        15⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        16⤵
        
        PID:5996
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:5620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:6140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:3076
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3516
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2760
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2988
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        
        PID:4408
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4920
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4256
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4364
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        12⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        13⤵
        
        PID:5992
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5220
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        Adds Run key to start application
        
        PID:4064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2228
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4060
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        Writes to the Master Boot Record (MBR)
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        
        PID:4680
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5100
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4068
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3036
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4836
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        12⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        13⤵
        
        PID:6100
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5404
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        14⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        15⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:4980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4388
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4996
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2364
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4168
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        
        PID:5204
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4948
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:6016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:4628
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2284
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4144
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3240
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        
        PID:4504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5848
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:6108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:3952
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4676
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3264
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        
        PID:5484
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5704
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5492
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:5180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5760
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        
        PID:5428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5836
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5720
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:5524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:4680
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4728
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5804
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6040
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:4980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:1856
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2864
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2992
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2900
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2888
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2904
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2952
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2092
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
      "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:2192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2672
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2880
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1636
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:2252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:760
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1728
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        12⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:2292
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:3044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2816
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2224
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1292
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        15⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2076
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:1724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2464
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        17⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        18⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:3572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:3684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:3104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:3132
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:3512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:3460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:1388
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        19⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        20⤵
        Writes to the Master Boot Record (MBR)
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        21⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:4236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4468
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4340
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        22⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        23⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        24⤵
        
        PID:5480
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:5636
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:5732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:5748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:5808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:4524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:5464
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:5092
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        25⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        26⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        27⤵
        
        PID:6132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe

Filesize
196KB

MD5
773da871b8296896ffccb40b5c9bd6fc

SHA1
0060f821272f2d8baa30a91e13dabc4bf72d3289

SHA256
ba7d960521c3c9a912e49973443180266fadfc366ca3aa0b5211e0673cb976aa

SHA512
7f8f2d51b0ac63b1d63110996499ddc8df0b3600033822b70e52599525c74e5bc9815de9035c1d990a9764f1a1e9e880f014ce6ae7a32e94a26cec080242e20c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\nhk7zhmn.cfg

Filesize
1KB

MD5
9e0b41b27b0acdbe7301109e6e678001

SHA1
2851d407bb5c707c32115d18e9f15665e5c36c92

SHA256
ce4e87ac27537b6eb44f883197d60cb8ac35810e70245bd08e710b09ef47bbc6

SHA512
c45158eedb468da552635173cb3f7e08419786219f73b3f9f798804327088c484b2bb0d3da10c9f6719621b2fc69299539263788961b0a20a03a61a092625652

Download Submit
memory/2108-29-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2108-23-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2108-28-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2108-19-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2108-18-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2108-17-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2108-20-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2108-21-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2108-26-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2108-27-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2108-22-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2632-80-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2756-40-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3028-12-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3028-2-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3028-14-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3028-32-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3028-6-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3028-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/3028-4-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads