xtremerat | 44ad557c0ab3afb9b705071f29b47da96ec36ca513e3159286e51682dc6ade3d

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/02/2025, 09:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe
Size

285KB
MD5

ef12e05e6574ccb9217ca43121bf0f69
SHA1

e1c7af9bbc5dd38a023f80bf81a1d34191eeeb1c
SHA256

44ad557c0ab3afb9b705071f29b47da96ec36ca513e3159286e51682dc6ade3d
SHA512

ab216d5785e5cf26db9c036054b4470d78435798a765801230f799b5fc3d6bc7ac80e5edd2eca78a750eff298524d136039d353b1c4a1f5f7a960abdcb11372c
SSDEEP

6144:8JZ61AGWfu0tBXQQPekwZ5BtMoj6D6SP8XrWU:oo1AGd0/QsekwXPj6tUXr

Score

10^/10

xtremerat discovery persistence rat spyware

Malware Config

Signatures

Detect XtremeRAT payload 34 IoCs

resource	yara_rule
behavioral1/files/0x000700000001658c-33.dat	family_xtremerat
behavioral1/memory/2536-54-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1616-62-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2916-65-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2180-71-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2184-75-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1748-81-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2368-84-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2404-90-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1012-94-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2280-99-0x0000000076E10000-0x0000000076F2F000-memory.dmp	family_xtremerat
behavioral1/memory/2280-98-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2772-104-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1360-111-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2864-114-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1936-120-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/924-123-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1632-129-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2652-132-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2712-137-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1660-143-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2492-146-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2516-149-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2652-152-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1112-155-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2772-158-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1996-161-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3128-164-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3240-167-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3348-170-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3460-173-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3572-176-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3688-179-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3800-182-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat
Xtremerat family
xtremerat

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupdate .exe	cmd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupdate .exe	cmd.exe

Executes dropped EXE 36 IoCs

pid	Process
2536	%tmp%.exe
2560	svhost.exe
2072	svhost.exe
2812	svhost.exe
2696	svhost.exe
1616	%tmp%.exe
2916	%tmp%.exe
2180	%tmp%.exe
2184	%tmp%.exe
1748	%tmp%.exe
2368	%tmp%.exe
2404	%tmp%.exe
1012	%tmp%.exe
2280	%tmp%.exe
2772	%tmp%.exe
1360	%tmp%.exe
2864	%tmp%.exe
1936	%tmp%.exe
924	%tmp%.exe
1632	%tmp%.exe
2652	%tmp%.exe
2712	%tmp%.exe
1660	%tmp%.exe
2492	%tmp%.exe
2516	%tmp%.exe
2652	%tmp%.exe
1112	%tmp%.exe
2772	%tmp%.exe
1996	%tmp%.exe
3128	%tmp%.exe
3240	%tmp%.exe
3348	%tmp%.exe
3460	%tmp%.exe
3572	%tmp%.exe
3688	%tmp%.exe
3800	%tmp%.exe

Loads dropped DLL 37 IoCs

pid	Process
2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe
2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe
2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe
2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe
2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe
2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe
2536	%tmp%.exe
1616	%tmp%.exe
2916	%tmp%.exe
2180	%tmp%.exe
2184	%tmp%.exe
1748	%tmp%.exe
2368	%tmp%.exe
2404	%tmp%.exe
1012	%tmp%.exe
2280	%tmp%.exe
2772	%tmp%.exe
1360	%tmp%.exe
2864	%tmp%.exe
1936	%tmp%.exe
924	%tmp%.exe
1632	%tmp%.exe
2652	%tmp%.exe
2712	%tmp%.exe
1660	%tmp%.exe
2492	%tmp%.exe
2516	%tmp%.exe
2652	%tmp%.exe
1112	%tmp%.exe
2772	%tmp%.exe
1996	%tmp%.exe
3128	%tmp%.exe
3240	%tmp%.exe
3348	%tmp%.exe
3460	%tmp%.exe
3572	%tmp%.exe
3688	%tmp%.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 36 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	%tmp%.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe
2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe
2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe
2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe
2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe
2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2784	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	30
PID 2496 wrote to memory of 2784	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	30
PID 2496 wrote to memory of 2784	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	30
PID 2496 wrote to memory of 2784	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	30
PID 2496 wrote to memory of 2812	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	32
PID 2496 wrote to memory of 2812	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	32
PID 2496 wrote to memory of 2812	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	32
PID 2496 wrote to memory of 2812	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	32
PID 2784 wrote to memory of 2704	2784	cmd.exe	34
PID 2784 wrote to memory of 2704	2784	cmd.exe	34
PID 2784 wrote to memory of 2704	2784	cmd.exe	34
PID 2784 wrote to memory of 2704	2784	cmd.exe	34
PID 2496 wrote to memory of 2560	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	33
PID 2496 wrote to memory of 2560	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	33
PID 2496 wrote to memory of 2560	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	33
PID 2496 wrote to memory of 2560	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	33
PID 2496 wrote to memory of 2072	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	35
PID 2496 wrote to memory of 2072	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	35
PID 2496 wrote to memory of 2072	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	35
PID 2496 wrote to memory of 2072	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	35
PID 2496 wrote to memory of 2696	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	36
PID 2496 wrote to memory of 2696	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	36
PID 2496 wrote to memory of 2696	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	36
PID 2496 wrote to memory of 2696	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	36
PID 2496 wrote to memory of 2536	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	37
PID 2496 wrote to memory of 2536	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	37
PID 2496 wrote to memory of 2536	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	37
PID 2496 wrote to memory of 2536	2496	JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe	37
PID 2536 wrote to memory of 2576	2536	%tmp%.exe	38
PID 2536 wrote to memory of 2576	2536	%tmp%.exe	38
PID 2536 wrote to memory of 2576	2536	%tmp%.exe	38
PID 2536 wrote to memory of 2576	2536	%tmp%.exe	38
PID 2536 wrote to memory of 2576	2536	%tmp%.exe	38
PID 2704 wrote to memory of 2908	2704	wscript.exe	39
PID 2704 wrote to memory of 2908	2704	wscript.exe	39
PID 2704 wrote to memory of 2908	2704	wscript.exe	39
PID 2704 wrote to memory of 2908	2704	wscript.exe	39
PID 2536 wrote to memory of 1260	2536	%tmp%.exe	41
PID 2536 wrote to memory of 1260	2536	%tmp%.exe	41
PID 2536 wrote to memory of 1260	2536	%tmp%.exe	41
PID 2536 wrote to memory of 1260	2536	%tmp%.exe	41
PID 2536 wrote to memory of 1260	2536	%tmp%.exe	41
PID 2536 wrote to memory of 1484	2536	%tmp%.exe	42
PID 2536 wrote to memory of 1484	2536	%tmp%.exe	42
PID 2536 wrote to memory of 1484	2536	%tmp%.exe	42
PID 2536 wrote to memory of 1484	2536	%tmp%.exe	42
PID 2536 wrote to memory of 1484	2536	%tmp%.exe	42
PID 2536 wrote to memory of 2860	2536	%tmp%.exe	43
PID 2536 wrote to memory of 2860	2536	%tmp%.exe	43
PID 2536 wrote to memory of 2860	2536	%tmp%.exe	43
PID 2536 wrote to memory of 2860	2536	%tmp%.exe	43
PID 2536 wrote to memory of 2860	2536	%tmp%.exe	43
PID 2536 wrote to memory of 2504	2536	%tmp%.exe	44
PID 2536 wrote to memory of 2504	2536	%tmp%.exe	44
PID 2536 wrote to memory of 2504	2536	%tmp%.exe	44
PID 2536 wrote to memory of 2504	2536	%tmp%.exe	44
PID 2536 wrote to memory of 2504	2536	%tmp%.exe	44
PID 2536 wrote to memory of 444	2536	%tmp%.exe	45
PID 2536 wrote to memory of 444	2536	%tmp%.exe	45
PID 2536 wrote to memory of 444	2536	%tmp%.exe	45
PID 2536 wrote to memory of 444	2536	%tmp%.exe	45
PID 2536 wrote to memory of 444	2536	%tmp%.exe	45
PID 2536 wrote to memory of 1672	2536	%tmp%.exe	46
PID 2536 wrote to memory of 1672	2536	%tmp%.exe	46

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ef12e05e6574ccb9217ca43121bf0f69.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Roaming\lala.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Windows\SysWOW64\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Roaming\invs.vbs" "C:\Users\Admin\AppData\Roaming\lala2.bat
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2704
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Roaming\lala2.bat" "
      4⤵
      Drops startup file
      System Location Discovery: System Language Discovery
      PID:2908
- C:\Windows\Temp\svhost.exe
  C:\Windows\Temp\svhost.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\Temp\svhost.exe
  C:\Windows\Temp\svhost.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\Temp\svhost.exe
  C:\Windows\Temp\svhost.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\Temp\svhost.exe
  C:\Windows\Temp\svhost.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
  "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2576
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1260
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1484
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2860
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2504
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:444
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1672
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1700
- - C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
    "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1616
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2420
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:600
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:788
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:1976
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:484
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2868
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2900
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:1336
  - - C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
      "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2916
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2740
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1072
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1624
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:776
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1036
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:536
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1904
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2180
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2196
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2156
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1292
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2360
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2332
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1928
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2488
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2088
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1284
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1736
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1372
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1856
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1768
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1728
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2720
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2136
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:3064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2404
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2400
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1644
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2952
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1012
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1656
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2076
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2792
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2680
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2544
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2676
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:3056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:3048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:648
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1360
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2908
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1032
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2864
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1544
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2260
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2520
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2188
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2172
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2976
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:1240
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:1960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2688
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:1836
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2072
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2780
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2004
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1060
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1660
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:1524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:1924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2228
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:1932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:1820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2492
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:1256
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2928
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:3028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2324
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2516
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2200
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2672
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:3032
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2000
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2824
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2920
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2040
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:1800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2264
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:1436
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:1148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2812
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:1600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:2272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:2744
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:1952
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:1660
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:2412
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:2300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1996
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:1152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:2864
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:2376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3076
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3084
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3204
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3216
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3240
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3268
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3308
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3328
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3372
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3388
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3396
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3408
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3416
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3436
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3488
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3520
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3624
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3644
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3688
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3728
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3760
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3768
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3780
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        33⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3824
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3848
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3868
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3880
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\%tmp%.exe
        
        "C:\Users\Admin\AppData\Local\Temp\%tmp%.exe"
        34⤵
        
        PID:3912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Kq8ac4p.cfg

Filesize
1KB

MD5
bb277a3649ba85cec050b06199f2b012

SHA1
b29ae1d9bbfea06b046b9431bd41437415c3e08d

SHA256
02c63af4c9bfe6dcc85f5191ebfa57ee42b324472b91ce5ff4e5e5d2fb2bbda2

SHA512
16e8e90b44a48648e8e2f586cd8c3a8e6e977cc375ab6740860db06196bb18ccc623b5963d3442f5c7eb58488fd1eb31874e38963312573c9691788bd0e54809

Download Submit
C:\Users\Admin\AppData\Roaming\invs.vbs

Filesize
78B

MD5
c578d9653b22800c3eb6b6a51219bbb8

SHA1
a97aa251901bbe179a48dbc7a0c1872e163b1f2d

SHA256
20a98a7e6e137bb1b9bd5ef6911a479cb8eac925b80d6db4e70b19f62a40cce2

SHA512
3ae6dc8f02d1a78e1235a0782b632972da5a74ab32287cc41aa672d4fa4a9d34bb5fc50eba07b6915f2e61c402927cd5f6feeb7f7602afa2f64e91efb3b7fc4d

Download Submit
C:\Users\Admin\AppData\Roaming\lala.bat

Filesize
53B

MD5
da2f62b3f68d61e7ff27df1155637ae1

SHA1
326f9ab4df92d730d0f22d0ee5e0faf661c7ac59

SHA256
547013d5a8e3c6f94e61a6e9d0a052451e4a73e54b11b8dd4d1ff357f96cad41

SHA512
f2e24b25add6479f5cc6746392be03f2d6a1ed3afd6b279aefa5614b81279d45c572344e24e3daf849974bc5fae3c0451ddf2c66e338268d22589aeb2b41c34d

Download Submit
C:\Users\Admin\AppData\Roaming\lala2.bat

Filesize
162B

MD5
6f7261170e8fe346091572a58cad91ba

SHA1
724e733616e8142ca24577d416e1a7b7b1573442

SHA256
5cd362104b9d7b73c0b8f668eda12f56766c0c9d98ba6208bad1172d11558103

SHA512
47a698fe6f19f0ba7574370e471338233d942dafcfc96bef96631bd11d44ea16e15e37acc50b51efcc08dc8f6e6df49c6a77c38c92ea4571e3ca4fe1cb75c270

Download Submit
C:\Users\Admin\AppData\Roaming\winupdate .exe

Filesize
285KB

MD5
ef12e05e6574ccb9217ca43121bf0f69

SHA1
e1c7af9bbc5dd38a023f80bf81a1d34191eeeb1c

SHA256
44ad557c0ab3afb9b705071f29b47da96ec36ca513e3159286e51682dc6ade3d

SHA512
ab216d5785e5cf26db9c036054b4470d78435798a765801230f799b5fc3d6bc7ac80e5edd2eca78a750eff298524d136039d353b1c4a1f5f7a960abdcb11372c

Download Submit
\Users\Admin\AppData\Local\Temp\%tmp%.exe

Filesize
40KB

MD5
95a4cc9c3b2c3711a05231d7b4999e91

SHA1
0ca7aeccd7a28fc5089bc3f8072f6695ef12fef7

SHA256
58e7509df157c710d9443d23e15012dbdf3329a087f2c9d469bfd0855124ebbf

SHA512
8f04d9b92b05bfbc03b4aa748cb25deafd7a02c3c1ffb98764feacf74ca2f4bdf63d4b4d05446bd515c8a12eee7a86b6784b30b2e7a2b280b52f0eaffbdea754

Download Submit
\Windows\Temp\svhost.exe

Filesize
1.1MB

MD5
34aa912defa18c2c129f1e09d75c1d7e

SHA1
9c3046324657505a30ecd9b1fdb46c05bde7d470

SHA256
6df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386

SHA512
d1ea9368f5d7166180612fd763c87afb647d088498887961f5e7fb0a10f4a808bd5928e8a3666d70ff794093c51ecca8816f75dd47652fd4eb23dce7f9aa1f98

Download Submit
memory/924-123-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1012-94-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1112-155-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1360-111-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1616-62-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1632-129-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1660-143-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1748-81-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1936-120-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1996-161-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2180-71-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2184-75-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2280-100-0x0000000076D10000-0x0000000076E0A000-memory.dmp

Filesize
1000KB

Download
memory/2280-99-0x0000000076E10000-0x0000000076F2F000-memory.dmp

Filesize
1.1MB

Download
memory/2280-98-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2368-84-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2404-90-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2492-146-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2496-1-0x0000000074270000-0x000000007481B000-memory.dmp

Filesize
5.7MB

Download
memory/2496-92-0x0000000074270000-0x000000007481B000-memory.dmp

Filesize
5.7MB

Download
memory/2496-2-0x0000000074270000-0x000000007481B000-memory.dmp

Filesize
5.7MB

Download
memory/2496-59-0x0000000074270000-0x000000007481B000-memory.dmp

Filesize
5.7MB

Download
memory/2496-0-0x0000000074271000-0x0000000074272000-memory.dmp

Filesize
4KB

Download
memory/2516-149-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2536-54-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2652-152-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2652-132-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2712-137-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2772-104-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2772-158-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2864-114-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2916-65-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3128-164-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3240-167-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3348-170-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3460-173-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3572-176-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3688-179-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3800-182-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download