And again ......... another legit Windows System32 directory process abused. https://threatpost.com/updates-to-sofacy-turla-highlight-2017-q2-apt-activity/127297/