glupteba | 1cd649ea4273fd977b6a350bfe8f3b62f1d0aee1408b9966aa3d6ad39ba5af6a

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	7WE4etNK0RhKjW9McegaUIMj.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	7WE4etNK0RhKjW9McegaUIMj.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	45Ux5PyfV94DYg31_Hcbavqm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	45Ux5PyfV94DYg31_Hcbavqm.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation	Setup (12).exe

Loads dropped DLL 3 IoCs

pid	Process
4884	5mKuA0UuOoHvg7TNbSwTeByI.tmp
4884	5mKuA0UuOoHvg7TNbSwTeByI.tmp
4164	AqoWtro9MgqSDsSrLadohWxp.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Themida packer 8 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral8/files/0x000100000001ab63-130.dat	themida
behavioral8/files/0x000100000001ab51-161.dat	themida
behavioral8/files/0x000100000001ab51-181.dat	themida
behavioral8/files/0x000100000001ab63-167.dat	themida
behavioral8/memory/2244-229-0x0000000000D30000-0x0000000000D31000-memory.dmp	themida
behavioral8/files/0x000100000001ab5d-234.dat	themida
behavioral8/memory/3556-227-0x0000000000C80000-0x0000000000C81000-memory.dmp	themida
behavioral8/files/0x000100000001ab5d-213.dat	themida

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	7WE4etNK0RhKjW9McegaUIMj.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	45Ux5PyfV94DYg31_Hcbavqm.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 15 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
125	ipinfo.io
2973	ipinfo.io
3277	ipinfo.io
6187	ipinfo.io
33	api.db-ip.com
119	ip-api.com
124	ipinfo.io
19857	ipinfo.io
30	ipinfo.io
34	api.db-ip.com
162	ipinfo.io
19856	ipinfo.io
29	ipinfo.io
179	ipinfo.io
1118	ipinfo.io

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2244	7WE4etNK0RhKjW9McegaUIMj.exe
3556	45Ux5PyfV94DYg31_Hcbavqm.exe

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 1656 set thread context of 4740	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	110
PID 2560 set thread context of 4820	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	114
PID 1908 set thread context of 4908	1908	pPxE9TLb0d4qPYleMNNy9VIk.exe	115
PID 2812 set thread context of 3144	2812	UoIrxuU4_yJvEZ0LYyllfvBT.exe	199
PID 1656 set thread context of 4960	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	116
PID 4316 set thread context of 5044	4316	p83xjtndX331_hrkG69GWJ6Z.exe	200
PID 1908 set thread context of 2152	1908	pPxE9TLb0d4qPYleMNNy9VIk.exe	118
PID 1656 set thread context of 4452	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	119
PID 2560 set thread context of 4000	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	120
PID 1908 set thread context of 1252	1908	pPxE9TLb0d4qPYleMNNy9VIk.exe	191
PID 2560 set thread context of 3876	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	188
PID 1908 set thread context of 4404	1908	pPxE9TLb0d4qPYleMNNy9VIk.exe	123
PID 4316 set thread context of 2096	4316	p83xjtndX331_hrkG69GWJ6Z.exe	124
PID 2560 set thread context of 4904	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	125
PID 1656 set thread context of 5184	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	126
PID 4316 set thread context of 5324	4316	p83xjtndX331_hrkG69GWJ6Z.exe	127
PID 1656 set thread context of 5468	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	128
PID 1908 set thread context of 5592	1908	pPxE9TLb0d4qPYleMNNy9VIk.exe	141
PID 2560 set thread context of 5616	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	129
PID 4316 set thread context of 5668	4316	p83xjtndX331_hrkG69GWJ6Z.exe	140
PID 1908 set thread context of 5852	1908	pPxE9TLb0d4qPYleMNNy9VIk.exe	131
PID 2560 set thread context of 5876	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	139
PID 4316 set thread context of 5960	4316	p83xjtndX331_hrkG69GWJ6Z.exe	134
PID 1656 set thread context of 6024	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	133
PID 1908 set thread context of 4812	1908	pPxE9TLb0d4qPYleMNNy9VIk.exe	138
PID 2560 set thread context of 2548	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	137
PID 4316 set thread context of 5144	4316	p83xjtndX331_hrkG69GWJ6Z.exe	171
PID 1656 set thread context of 5156	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	143
PID 2560 set thread context of 5572	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	145
PID 4316 set thread context of 5456	4316	p83xjtndX331_hrkG69GWJ6Z.exe	154
PID 1656 set thread context of 5452	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	185
PID 2560 set thread context of 6120	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	223
PID 1656 set thread context of 5988	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	152
PID 4316 set thread context of 4236	4316	p83xjtndX331_hrkG69GWJ6Z.exe	150
PID 1908 set thread context of 3960	1908	pPxE9TLb0d4qPYleMNNy9VIk.exe	151
PID 1656 set thread context of 5196	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	158
PID 1908 set thread context of 1796	1908	pPxE9TLb0d4qPYleMNNy9VIk.exe	164
PID 4316 set thread context of 5492	4316	p83xjtndX331_hrkG69GWJ6Z.exe	159
PID 1656 set thread context of 5208	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	163
PID 1908 set thread context of 2356	1908	pPxE9TLb0d4qPYleMNNy9VIk.exe	169
PID 4316 set thread context of 4300	4316	p83xjtndX331_hrkG69GWJ6Z.exe	167
PID 2560 set thread context of 4556	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	168
PID 1656 set thread context of 5632	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	170
PID 1580 set thread context of 4160	1580	0DoJDGAGEMly90MKeEs0gAU3.exe	174
PID 1908 set thread context of 5780	1908	pPxE9TLb0d4qPYleMNNy9VIk.exe	184
PID 2560 set thread context of 5424	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	173
PID 1656 set thread context of 5716	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	176
PID 1908 set thread context of 6292	1908	pPxE9TLb0d4qPYleMNNy9VIk.exe	181
PID 4316 set thread context of 6328	4316	p83xjtndX331_hrkG69GWJ6Z.exe	178
PID 2560 set thread context of 6356	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	179
PID 1656 set thread context of 6396	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	180
PID 1908 set thread context of 6568	1908	pPxE9TLb0d4qPYleMNNy9VIk.exe	182
PID 4316 set thread context of 6640	4316	p83xjtndX331_hrkG69GWJ6Z.exe	202
PID 2560 set thread context of 6672	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	204
PID 1656 set thread context of 6728	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	203
PID 1908 set thread context of 6896	1908	pPxE9TLb0d4qPYleMNNy9VIk.exe	206
PID 2560 set thread context of 7008	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	211
PID 4316 set thread context of 7040	4316	p83xjtndX331_hrkG69GWJ6Z.exe	207
PID 2360 set thread context of 6452	2360	7_2fyDtCcqQ2EpAZmiLeXW0u.exe	214
PID 2560 set thread context of 6264	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	217
PID 1656 set thread context of 6252	1656	IGXOSzAiLMPltMM3bnaxoRmh.exe	212
PID 4316 set thread context of 6376	4316	p83xjtndX331_hrkG69GWJ6Z.exe	213
PID 1908 set thread context of 6516	1908	pPxE9TLb0d4qPYleMNNy9VIk.exe	215
PID 2560 set thread context of 2100	2560	qXpZnq8TTtWPErg6TBCbex1O.exe	221

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Company\NewProduct\Uninstall.exe	tdsKRHBSpZ0xQjewFaQkrzXs.exe
File created	C:\Program Files (x86)\Company\NewProduct\Uninstall.ini	tdsKRHBSpZ0xQjewFaQkrzXs.exe
File created	C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe	_MpXU8EfETIVPryYc4QNY3Ww.exe
File opened for modification	C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe	_MpXU8EfETIVPryYc4QNY3Ww.exe
File opened for modification	C:\Program Files (x86)\Company\NewProduct\inst001.exe	tdsKRHBSpZ0xQjewFaQkrzXs.exe
File opened for modification	C:\Program Files (x86)\Company\NewProduct\cutm3.exe	tdsKRHBSpZ0xQjewFaQkrzXs.exe
File opened for modification	C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe	tdsKRHBSpZ0xQjewFaQkrzXs.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 64 IoCs

pid	pid_target	Process	procid_target
4920	4000	WerFault.exe	120
5984	2268	WerFault.exe	84
5484	2268	WerFault.exe	84
6056	4040	WerFault.exe	86
5944	5144	WerFault.exe
5720	6120	WerFault.exe	147
2848	2552	WerFault.exe	80
5288	4040	WerFault.exe	86
2848	2552	WerFault.exe	80
6300	4040	WerFault.exe	86
5452	2268	WerFault.exe	84
4532	2268	WerFault.exe	84
6828	2552	WerFault.exe	80
7136	4040	WerFault.exe	86
6992	2268	WerFault.exe	84
6420	5148	WerFault.exe	225
6920	2268	WerFault.exe	84
6204	2552	WerFault.exe	80
6876	2268	WerFault.exe	84
5860	4788	WerFault.exe	112
8104	4040	WerFault.exe	86
7828	2552	WerFault.exe	80
5504	2552	WerFault.exe	80
8948	8312	WerFault.exe	290
9068	4040	WerFault.exe	86
9332	9960	WerFault.exe	331
684	2552	WerFault.exe	80
1844	7328	WerFault.exe	359
7784	9392	WerFault.exe	361
2960	2552	WerFault.exe	80
2232	2808	WerFault.exe	369
11988	4248	WerFault.exe	105
13800	4160	WerFault.exe	174
4868	40440	Process not Found	1426
43352	32948	Process not Found	1043
5892	29108	Process not Found	911
6048	16524	Process not Found	888
9236	45032	Process not Found	1435
43500	16040	Process not Found	601
43748	45096	Process not Found	1421
5824	30416	Process not Found	962
40076	21660	Process not Found	683
7992	23136	Process not Found	730
44956	19656	Process not Found	708
40528	4940	Process not Found	1447
11516	39572	Process not Found	1433
42256	13608	Process not Found	530
45380	36916	Process not Found	1178
44256	38928	Process not Found	1425
45948	45364	Process not Found	1403
39948	30532	Process not Found	955
12616	45732	Process not Found	1440
4768	45596	Process not Found	1411
36328	14396	Process not Found	483
376	11360	Process not Found	408
5708	752	Process not Found	401
28516	36416	Process not Found	1293
27812	34356	Process not Found	1148
10768	28816	Process not Found	1031
10424	44528	Process not Found	1429
46648	16492	Process not Found	532
9312	37508	Process not Found	1140
4688	6024	Process not Found	133
17220	19848	Process not Found	1585

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	UoIrxuU4_yJvEZ0LYyllfvBT.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	UoIrxuU4_yJvEZ0LYyllfvBT.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	UoIrxuU4_yJvEZ0LYyllfvBT.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

pid	Process
3516	schtasks.exe
4704	schtasks.exe

Delays execution with timeout.exe 2 IoCs

evasion

pid	Process
14156	timeout.exe
12528	Process not Found

Kills process with taskkill 1 IoCs

evasion

pid	Process
8852	taskkill.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance	Process not Found

Script User-Agent 6 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	177	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	179	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	242	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	1119	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	3274	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	6196	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
568	Setup (12).exe
568	Setup (12).exe
3144	UoIrxuU4_yJvEZ0LYyllfvBT.exe
3144	UoIrxuU4_yJvEZ0LYyllfvBT.exe
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
4532	WerFault.exe
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found
2988	Process not Found

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
3144	UoIrxuU4_yJvEZ0LYyllfvBT.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2300	IGXOSzAiLMPltMM3bnaxoRmh.exe
Token: SeDebugPrivilege	4120	vfQVvXcdroPMyVVkqiCQ0HZY.exe
Token: SeRestorePrivilege	4532	WerFault.exe
Token: SeBackupPrivilege	4532	WerFault.exe
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeDebugPrivilege	4532	WerFault.exe
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeDebugPrivilege	5452	WerFault.exe
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeDebugPrivilege	3556	45Ux5PyfV94DYg31_Hcbavqm.exe
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeDebugPrivilege	2244	7WE4etNK0RhKjW9McegaUIMj.exe
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeShutdownPrivilege	2988	Process not Found
Token: SeCreatePagefilePrivilege	2988	Process not Found
Token: SeDebugPrivilege	5984	WerFault.exe
Token: SeShutdownPrivilege	2988	Process not Found

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4884	5mKuA0UuOoHvg7TNbSwTeByI.tmp
2988	Process not Found
2988	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 568 wrote to memory of 2268	568	Setup (12).exe	84
PID 568 wrote to memory of 2268	568	Setup (12).exe	84
PID 568 wrote to memory of 2268	568	Setup (12).exe	84
PID 568 wrote to memory of 1720	568	Setup (12).exe	83
PID 568 wrote to memory of 1720	568	Setup (12).exe	83
PID 568 wrote to memory of 1720	568	Setup (12).exe	83
PID 568 wrote to memory of 2244	568	Setup (12).exe	82
PID 568 wrote to memory of 2244	568	Setup (12).exe	82
PID 568 wrote to memory of 2244	568	Setup (12).exe	82
PID 568 wrote to memory of 2300	568	Setup (12).exe	85
PID 568 wrote to memory of 2300	568	Setup (12).exe	85
PID 568 wrote to memory of 1908	568	Setup (12).exe	81
PID 568 wrote to memory of 1908	568	Setup (12).exe	81
PID 568 wrote to memory of 1908	568	Setup (12).exe	81
PID 568 wrote to memory of 2552	568	Setup (12).exe	80
PID 568 wrote to memory of 2552	568	Setup (12).exe	80
PID 568 wrote to memory of 2552	568	Setup (12).exe	80
PID 568 wrote to memory of 2360	568	Setup (12).exe	79
PID 568 wrote to memory of 2360	568	Setup (12).exe	79
PID 568 wrote to memory of 2360	568	Setup (12).exe	79
PID 568 wrote to memory of 1656	568	Setup (12).exe	78
PID 568 wrote to memory of 1656	568	Setup (12).exe	78
PID 568 wrote to memory of 1656	568	Setup (12).exe	78
PID 568 wrote to memory of 1648	568	Setup (12).exe	92
PID 568 wrote to memory of 1648	568	Setup (12).exe	92
PID 568 wrote to memory of 1648	568	Setup (12).exe	92
PID 568 wrote to memory of 3088	568	Setup (12).exe	87
PID 568 wrote to memory of 3088	568	Setup (12).exe	87
PID 568 wrote to memory of 728	568	Setup (12).exe	88
PID 568 wrote to memory of 728	568	Setup (12).exe	88
PID 568 wrote to memory of 728	568	Setup (12).exe	88
PID 568 wrote to memory of 4040	568	Setup (12).exe	86
PID 568 wrote to memory of 4040	568	Setup (12).exe	86
PID 568 wrote to memory of 4040	568	Setup (12).exe	86
PID 568 wrote to memory of 3388	568	Setup (12).exe	93
PID 568 wrote to memory of 3388	568	Setup (12).exe	93
PID 568 wrote to memory of 3388	568	Setup (12).exe	93
PID 568 wrote to memory of 3496	568	Setup (12).exe	96
PID 568 wrote to memory of 3496	568	Setup (12).exe	96
PID 568 wrote to memory of 3496	568	Setup (12).exe	96
PID 568 wrote to memory of 1580	568	Setup (12).exe	95
PID 568 wrote to memory of 1580	568	Setup (12).exe	95
PID 568 wrote to memory of 1580	568	Setup (12).exe	95
PID 568 wrote to memory of 3556	568	Setup (12).exe	99
PID 568 wrote to memory of 3556	568	Setup (12).exe	99
PID 568 wrote to memory of 3556	568	Setup (12).exe	99
PID 568 wrote to memory of 2560	568	Setup (12).exe	98
PID 568 wrote to memory of 2560	568	Setup (12).exe	98
PID 568 wrote to memory of 2560	568	Setup (12).exe	98
PID 568 wrote to memory of 2812	568	Setup (12).exe	108
PID 568 wrote to memory of 2812	568	Setup (12).exe	108
PID 568 wrote to memory of 2812	568	Setup (12).exe	108
PID 568 wrote to memory of 4120	568	Setup (12).exe	107
PID 568 wrote to memory of 4120	568	Setup (12).exe	107
PID 568 wrote to memory of 4164	568	Setup (12).exe	106
PID 568 wrote to memory of 4164	568	Setup (12).exe	106
PID 568 wrote to memory of 4164	568	Setup (12).exe	106
PID 568 wrote to memory of 4248	568	Setup (12).exe	105
PID 568 wrote to memory of 4248	568	Setup (12).exe	105
PID 568 wrote to memory of 4248	568	Setup (12).exe	105
PID 568 wrote to memory of 4316	568	Setup (12).exe	102
PID 568 wrote to memory of 4316	568	Setup (12).exe	102
PID 568 wrote to memory of 4316	568	Setup (12).exe	102
PID 568 wrote to memory of 4488	568	Setup (12).exe	104

C:\Users\Admin\AppData\Local\Temp\Setup (12).exe
"C:\Users\Admin\AppData\Local\Temp\Setup (12).exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:568
- C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
  "C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:1656
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    - Executes dropped EXE
    PID:4740
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    - Executes dropped EXE
    PID:4960
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    - Executes dropped EXE
    PID:4452
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    - Executes dropped EXE
    PID:3416
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    - Executes dropped EXE
    PID:5184
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    - Executes dropped EXE
    PID:5468
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    - Executes dropped EXE
    PID:5752
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    - Executes dropped EXE
    PID:6024
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:5156
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:5988
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:5452
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:5196
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:5208
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:5632
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:5716
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:6396
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    - Executes dropped EXE
    PID:5024
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:6728
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:7076
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:6252
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:6760
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:7160
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:6520
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:6856
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:5788
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2300
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:5788
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:7268
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:7600
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:7960
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:4224
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:8012
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:7932
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:5148
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:8368
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:8876
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:8340
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:8840
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:8208
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:7060
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:4220
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:7112
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:9360
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:9756
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:10128
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:9492
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:8220
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:9516
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:5084
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:4004
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:10016
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:9384
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:3380
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:1052
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:10588
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:11020
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:4972
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:10888
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:10308
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:2400
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:872
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:11360
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:11760
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:12268
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:12000
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:11492
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:12492
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:12908
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:13292
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:12732
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:12532
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:12936
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:13576
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:14052
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:13616
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:13960
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:3476
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:9512
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:14472
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:14928
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:14360
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:9632
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:14512
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:12064
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:10136
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:15648
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:16136
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:13472
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:16304
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:13472
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:13608
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:16772
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:17172
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:15600
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:5932
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:16696
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:17864
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:18312
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:11596
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:18992
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:18736
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:19392
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:18884
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:13256
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:19612
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:19988
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:20444
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:15828
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:20336
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:17432
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:15380
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:20216
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:20540
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:21116
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:20568
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:21112
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:20848
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:21188
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:17776
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:21660
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:22124
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:21668
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:19608
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:19984
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:19656
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:22432
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:22872
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:23396
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:22840
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:23432
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:16748
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:22932
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:17928
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:9060
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:20908
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:23668
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:24236
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:22664
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:22444
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:24672
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:23912
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:22768
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:25808
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:26332
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:25532
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:25884
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:24124
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:22936
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:20432
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:20208
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:22212
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:628
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:21060
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:22564
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:19280
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:11056
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:27644
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:15092
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:28352
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:16524
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:24868
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:23088
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:28216
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:29108
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:28716
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:29240
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:5696
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:26160
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:24668
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:25396
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:29676
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:29756
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:30216
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:30712
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:30080
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:13540
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:29820
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:30292
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:31308
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:31696
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:28404
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:24064
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:17944
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:31680
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:31580
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:18080
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:23212
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:31804
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:31812
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:33268
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:33720
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:33064
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:27900
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:24616
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:9840
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:34256
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:33380
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:25568
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:35224
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:35788
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:34828
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:35948
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:35276
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:33876
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:35304
- - C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    C:\Users\Admin\Documents\IGXOSzAiLMPltMM3bnaxoRmh.exe
    3⤵
    PID:25172
- C:\Users\Admin\Documents\7_2fyDtCcqQ2EpAZmiLeXW0u.exe
  "C:\Users\Admin\Documents\7_2fyDtCcqQ2EpAZmiLeXW0u.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:2360
- - C:\Users\Admin\Documents\7_2fyDtCcqQ2EpAZmiLeXW0u.exe
    "C:\Users\Admin\Documents\7_2fyDtCcqQ2EpAZmiLeXW0u.exe"
    3⤵
    PID:6452
- C:\Users\Admin\Documents\D4rE3aIQ2RsTz2s3Hhfv3Y2F.exe
  "C:\Users\Admin\Documents\D4rE3aIQ2RsTz2s3Hhfv3Y2F.exe"
  2⤵
  - Executes dropped EXE
  PID:2552
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 384
    3⤵
    - Program crash
    PID:2848
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 364
    3⤵
    - Program crash
    PID:2848
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 400
    3⤵
    - Program crash
    PID:6828
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 620
    3⤵
    - Program crash
    PID:6204
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 664
    3⤵
    - Program crash
    PID:7828
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 620
    3⤵
    - Program crash
    PID:5504
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 716
    3⤵
    - Program crash
    PID:684
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 728
    3⤵
    - Program crash
    PID:2960
- C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
  "C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:1908
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    - Executes dropped EXE
    PID:4748
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    - Executes dropped EXE
    PID:4908
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    - Executes dropped EXE
    PID:2152
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    - Executes dropped EXE
    PID:4404
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    - Executes dropped EXE
    PID:5852
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    - Executes dropped EXE
    PID:4812
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    - Executes dropped EXE
    PID:5592
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:6052
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:3960
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:1824
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:1796
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:2356
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:6292
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:6568
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:5780
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    - Executes dropped EXE
    PID:5248
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    - Executes dropped EXE
    PID:1252
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:6896
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:4856
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:6516
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:4136
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:6388
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:7048
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:6456
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:7120
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:6272
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:7384
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:7732
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:4336
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:4668
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:8108
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:8080
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:7380
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:8524
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:9024
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:8648
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:2112
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:8908
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:8980
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:4656
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:4608
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:9496
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:9816
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:10144
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:7712
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:9928
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:9412
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:7920
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:9496
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:7328
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 24
      4⤵
      Program crash
      PID:1844
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:2384
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:8924
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:10056
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:10548
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:10972
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:10360
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:4124
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:7644
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:752
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:10864
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:11408
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:11844
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:11492
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:12144
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:8136
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:12604
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:13060
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:4076
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:13192
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:11540
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:13408
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:13912
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:13404
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:1792
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:13432
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:5912
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:14396
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:14884
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:3176
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:14892
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:14588
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:14348
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:1208
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:15696
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:16180
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:15836
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:16356
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:14492
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:16416
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:16820
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:17200
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:16952
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:16940
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:17228
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:17992
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:16992
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:18740
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:19132
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:18964
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:5440
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:7456
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:16040
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:19756
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:20160
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:10916
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:19468
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:20300
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:19872
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:16160
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:20308
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:11624
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:20928
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:21376
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:20884
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:13160
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:21044
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:20988
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:18968
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:21848
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:22216
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:21744
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:22208
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:21892
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:22188
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:20108
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:22904
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:23480
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:7228
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:23412
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:22200
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:23324
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:22700
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:17064
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:20648
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:23560
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:24160
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:24564
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:18260
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:21816
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:25260
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:24560
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:25504
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:25976
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:26556
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:24536
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:24368
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:25224
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:26380
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:26596
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:25396
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:19624
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:23848
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:15512
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:11808
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:18252
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:26060
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:19668
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:27620
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:27960
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:27924
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:26672
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:28668
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:12540
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:28808
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:29680
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:10940
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:29444
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:13188
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:23488
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:28080
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:19792
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:27028
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:30000
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:30532
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:14608
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:27144
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:30152
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:28540
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:30784
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:31280
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:30876
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:29960
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:27872
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:31248
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:24216
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:29044
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:32432
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:32308
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:28816
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:33528
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:32948
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:30676
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:24888
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:28376
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:2080
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:34032
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:34464
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:25568
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:30048
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:34972
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:35572
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:22260
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:35264
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:36476
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:34688
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:36836
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:32024
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:34280
- - C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    C:\Users\Admin\Documents\pPxE9TLb0d4qPYleMNNy9VIk.exe
    3⤵
    PID:33936
- C:\Users\Admin\Documents\7WE4etNK0RhKjW9McegaUIMj.exe
  "C:\Users\Admin\Documents\7WE4etNK0RhKjW9McegaUIMj.exe"
  2⤵
  - Executes dropped EXE
  - Checks BIOS information in registry
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken
  PID:2244
- C:\Users\Admin\Documents\_MpXU8EfETIVPryYc4QNY3Ww.exe
  "C:\Users\Admin\Documents\_MpXU8EfETIVPryYc4QNY3Ww.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1720
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /f /RU "Admin" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl LG" /sc ONLOGON /rl HIGHEST
    3⤵
    - Creates scheduled task(s)
    PID:3516
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /f /RU "Admin" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl HR" /sc HOURLY /rl HIGHEST
    3⤵
    - Creates scheduled task(s)
    PID:4704
- C:\Users\Admin\Documents\Mkb1PFczBZ4XYcv_xeEL8YWV.exe
  "C:\Users\Admin\Documents\Mkb1PFczBZ4XYcv_xeEL8YWV.exe"
  2⤵
  - Executes dropped EXE
  PID:2268
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 644
    3⤵
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    PID:5984
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 492
    3⤵
    - Program crash
    PID:5484
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 656
    3⤵
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    PID:5452
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 668
    3⤵
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4532
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 888
    3⤵
    - Program crash
    PID:6992
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 1092
    3⤵
    - Program crash
    PID:6920
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 1132
    3⤵
    - Suspicious use of NtCreateProcessExOtherParentProcess
    - Program crash
    PID:6876
- C:\Users\Admin\Documents\0c3FheLRmRNMjjHf1TQCorxs.exe
  "C:\Users\Admin\Documents\0c3FheLRmRNMjjHf1TQCorxs.exe"
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Users\Admin\Documents\Q78fjVjk3_W1ClvckdCNzZFY.exe
  "C:\Users\Admin\Documents\Q78fjVjk3_W1ClvckdCNzZFY.exe"
  2⤵
  - Executes dropped EXE
  PID:4040
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 660
    3⤵
    - Program crash
    PID:6056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 696
    3⤵
    - Program crash
    PID:5288
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 672
    3⤵
    - Program crash
    PID:6300
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 664
    3⤵
    - Program crash
    PID:7136
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 892
    3⤵
    - Program crash
    PID:8104
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 1072
    3⤵
    - Program crash
    PID:9068
- C:\Users\Admin\Documents\7WrwQELq2kUmVVxy38H2RJiy.exe
  "C:\Users\Admin\Documents\7WrwQELq2kUmVVxy38H2RJiy.exe"
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Users\Admin\Documents\mO2GGg2i0FkHBz_jJ_NrmAh2.exe
  "C:\Users\Admin\Documents\mO2GGg2i0FkHBz_jJ_NrmAh2.exe"
  2⤵
  - Executes dropped EXE
  PID:728
- - C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\System32\mshta.exe" VbsCrIPt: cLOSe( CREAteobjecT ("wScRiPT.ShElL" ).RUN ( "C:\Windows\system32\cmd.exe /C tYpe ""C:\Users\Admin\Documents\mO2GGg2i0FkHBz_jJ_NrmAh2.exe"" > IQ0V_Fe_.eXE && StaRt IQ0v_FE_.ExE -poRsuYEMryiLi & if """"== """" for %m in ( ""C:\Users\Admin\Documents\mO2GGg2i0FkHBz_jJ_NrmAh2.exe"" ) do taskkill /iM ""%~NXm"" -F" ,0 , TRUE ))
    3⤵
    PID:4520
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /C tYpe "C:\Users\Admin\Documents\mO2GGg2i0FkHBz_jJ_NrmAh2.exe" > IQ0V_Fe_.eXE && StaRt IQ0v_FE_.ExE -poRsuYEMryiLi& if ""== "" for %m in ("C:\Users\Admin\Documents\mO2GGg2i0FkHBz_jJ_NrmAh2.exe" ) do taskkill /iM "%~NXm" -F
      4⤵
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\IQ0V_Fe_.eXE
        
        IQ0v_FE_.ExE -poRsuYEMryiLi
        5⤵
        
        PID:8732
      - C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\System32\mshta.exe" VbsCrIPt: cLOSe( CREAteobjecT ("wScRiPT.ShElL" ).RUN ( "C:\Windows\system32\cmd.exe /C tYpe ""C:\Users\Admin\AppData\Local\Temp\IQ0V_Fe_.eXE"" > IQ0V_Fe_.eXE && StaRt IQ0v_FE_.ExE -poRsuYEMryiLi & if ""-poRsuYEMryiLi""== """" for %m in ( ""C:\Users\Admin\AppData\Local\Temp\IQ0V_Fe_.eXE"" ) do taskkill /iM ""%~NXm"" -F" ,0 , TRUE ))
        6⤵
        
        PID:13984
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /C tYpe "C:\Users\Admin\AppData\Local\Temp\IQ0V_Fe_.eXE" > IQ0V_Fe_.eXE && StaRt IQ0v_FE_.ExE -poRsuYEMryiLi& if "-poRsuYEMryiLi"== "" for %m in ("C:\Users\Admin\AppData\Local\Temp\IQ0V_Fe_.eXE" ) do taskkill /iM "%~NXm" -F
        7⤵
        
        PID:16828
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" VHTDDahA.G,XBvVyh
        6⤵
        
        PID:27748
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /iM "mO2GGg2i0FkHBz_jJ_NrmAh2.exe" -F
        5⤵
        Kills process with taskkill
        
        PID:8852
- C:\Users\Admin\Documents\eGJqlGxvvNo1S0VcfOTdvhcK.exe
  "C:\Users\Admin\Documents\eGJqlGxvvNo1S0VcfOTdvhcK.exe"
  2⤵
  - Executes dropped EXE
  PID:1648
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\KBAvfsr.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\KBAvfsr.exe"
    3⤵
    - Executes dropped EXE
    PID:4788
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 280
      4⤵
      Program crash
      PID:5860
- C:\Users\Admin\Documents\WpnwGcBwXVBYnAOgSuGOMxnh.exe
  "C:\Users\Admin\Documents\WpnwGcBwXVBYnAOgSuGOMxnh.exe"
  2⤵
  - Executes dropped EXE
  PID:3388
- - C:\Users\Admin\Documents\WpnwGcBwXVBYnAOgSuGOMxnh.exe
    "C:\Users\Admin\Documents\WpnwGcBwXVBYnAOgSuGOMxnh.exe" -u
    3⤵
    PID:6020
- C:\Users\Admin\Documents\0DoJDGAGEMly90MKeEs0gAU3.exe
  "C:\Users\Admin\Documents\0DoJDGAGEMly90MKeEs0gAU3.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:1580
- - C:\Users\Admin\Documents\0DoJDGAGEMly90MKeEs0gAU3.exe
    "C:\Users\Admin\Documents\0DoJDGAGEMly90MKeEs0gAU3.exe"
    3⤵
    PID:5488
- - C:\Users\Admin\Documents\0DoJDGAGEMly90MKeEs0gAU3.exe
    "C:\Users\Admin\Documents\0DoJDGAGEMly90MKeEs0gAU3.exe"
    3⤵
    PID:4160
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 1480
      4⤵
      Program crash
      PID:13800
- C:\Users\Admin\Documents\tdsKRHBSpZ0xQjewFaQkrzXs.exe
  "C:\Users\Admin\Documents\tdsKRHBSpZ0xQjewFaQkrzXs.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3496
- - C:\Program Files (x86)\Company\NewProduct\inst001.exe
    "C:\Program Files (x86)\Company\NewProduct\inst001.exe"
    3⤵
    - Executes dropped EXE
    PID:6124
- - C:\Program Files (x86)\Company\NewProduct\cutm3.exe
    "C:\Program Files (x86)\Company\NewProduct\cutm3.exe"
    3⤵
    - Executes dropped EXE
    PID:2720
- - C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
    "C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"
    3⤵
    - Executes dropped EXE
    PID:2324
- C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
  "C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:2560
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    - Executes dropped EXE
    PID:4820
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    - Executes dropped EXE
    PID:5068
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    - Executes dropped EXE
    PID:4000
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 24
      4⤵
      Program crash
      PID:4920
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    - Executes dropped EXE
    PID:4904
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    - Executes dropped EXE
    PID:5616
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    - Executes dropped EXE
    PID:2548
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    - Executes dropped EXE
    PID:5876
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:5572
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:6120
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 24
      4⤵
      Program crash
      PID:5720
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:5716
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:4188
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:4556
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:5424
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:6356
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    - Executes dropped EXE
    PID:5312
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    - Executes dropped EXE
    PID:3876
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:6672
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:7008
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:6264
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:2100
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:6120
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:6720
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:7084
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:2172
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:5152
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:4228
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:7428
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:7792
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:8128
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:7640
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:920
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:4640
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:1620
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:8608
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:9100
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:8720
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:6680
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:8356
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:8588
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:6412
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:9336
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:9704
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:9976
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:7192
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:9832
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:4544
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:5640
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:656
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:1260
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:3624
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:7712
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:3644
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:10332
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:10664
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:11124
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:8000
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:10788
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:8896
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:2280
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:10000
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:11468
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:11928
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:2760
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:7404
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:12336
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:12676
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:13152
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:7872
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:12316
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:12400
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:13432
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:13896
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:11552
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:14128
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:10356
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:13956
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:14352
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:14832
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:15292
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:14576
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:14456
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:9084
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:12232
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:15792
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:16256
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:13200
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:12332
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:15896
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:16492
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:16912
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:17292
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:17208
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:17376
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:17424
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:17940
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:18380
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:18072
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:19064
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:18704
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:19424
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:13632
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:2352
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:19528
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:19916
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:20380
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:19672
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:9304
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:2552
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:19236
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:19356
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:20488
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:21020
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:14432
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:21088
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:17456
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:19896
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:15248
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:20308
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:22012
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:22448
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:21976
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:20644
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:22000
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:18988
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:19912
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:23040
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:23520
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:23208
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:22024
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:22056
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:13328
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:9208
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:18364
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:21468
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:23804
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:24360
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:22044
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:24160
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:24704
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:15544
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:20188
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:26064
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:25700
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:25432
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:26448
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:26504
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:26008
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:17896
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:26396
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:7480
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:21108
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:4444
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:21500
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:20532
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:12488
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:13252
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:27636
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:27484
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:28632
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:28456
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:26700
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:26788
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:28704
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:29240
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:27680
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:29188
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:29680
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:28168
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:25512
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:29012
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:27820
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:29928
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:30404
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:29880
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:30560
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:9732
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:23696
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:17248
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:31096
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:31676
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:23368
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:30940
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:15692
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:27596
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:30144
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:31688
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:32556
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:17248
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:28088
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:33136
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:33556
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:33100
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:33620
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:16192
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:31764
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:812
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:34272
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:19800
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:34852
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:35320
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:35616
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:34964
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:28140
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:36528
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:35316
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:36808
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:20320
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:21252
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:34188
- - C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    C:\Users\Admin\Documents\qXpZnq8TTtWPErg6TBCbex1O.exe
    3⤵
    PID:36660
- C:\Users\Admin\Documents\45Ux5PyfV94DYg31_Hcbavqm.exe
  "C:\Users\Admin\Documents\45Ux5PyfV94DYg31_Hcbavqm.exe"
  2⤵
  - Executes dropped EXE
  - Checks BIOS information in registry
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken
  PID:3556
- C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
  "C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:4316
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    - Executes dropped EXE
    PID:2096
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    - Executes dropped EXE
    PID:5324
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    - Executes dropped EXE
    PID:5960
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    - Executes dropped EXE
    PID:5668
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:4236
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:5456
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:5492
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:4300
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    - Executes dropped EXE
    PID:5144
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:6328
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:4232
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    - Executes dropped EXE
    PID:4752
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    - Executes dropped EXE
    PID:5044
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:6640
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:7040
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:6376
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:5016
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:5148
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 24
      4⤵
      Program crash
      PID:6420
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:6872
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:6472
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:2724
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:6608
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:7308
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:7684
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:8148
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:7788
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:7512
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:4976
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:8312
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 24
      4⤵
      Program crash
      PID:8948
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:8868
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:6312
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:8920
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:5096
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:9076
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:5176
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:9268
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:9672
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:9960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 24
      4⤵
      Program crash
      PID:9332
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:9300
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:9872
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:9260
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:10120
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:9700
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:1640
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:9392
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 24
      4⤵
      Program crash
      PID:7784
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:2808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 24
      4⤵
      Program crash
      PID:2232
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:8468
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:10472
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:10924
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:10352
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:10808
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:10264
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:7836
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:4948
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:11284
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:11668
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:12240
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:12100
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:11908
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:12560
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:13028
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:12308
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:13012
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:13040
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:12696
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:13668
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:14228
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:948
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:13712
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:14328
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:11168
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:14772
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:15324
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:14744
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:11040
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:12252
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:14980
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:15840
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:16288
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:10736
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:13132
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:14172
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:16580
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:17060
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:16480
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:16456
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:17324
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:17832
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:18336
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:18000
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:19004
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:17824
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:19304
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:11456
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:7944
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:19588
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:19936
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:20360
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:7348
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:20272
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:19320
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:17024
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:17132
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:16220
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:20948
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:21432
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:15028
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:16376
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:21408
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:18984
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:19108
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:22032
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:22480
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:21648
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:22520
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:20552
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:16468
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:22844
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:7036
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:22728
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:7464
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:22740
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:21592
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:3232
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:21556
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:24192
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:23572
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:24492
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:21644
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:25584
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:22552
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:25736
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:26276
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:2052
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:26048
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:23204
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:22912
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:25488
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:26428
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:21056
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:19536
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:18120
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:24016
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:26712
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:21324
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:27928
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:27264
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:27844
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:27584
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:28228
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:28848
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:29672
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:29088
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:29580
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:26464
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:24548
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:26784
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:4472
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:30664
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:30208
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:29780
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:27808
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:18796
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:31052
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:31716
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:30608
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:29672
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:30124
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:28232
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:30296
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:32416
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:31852
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:17288
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:33436
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:32936
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:33332
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:17136
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:31328
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:26748
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:34172
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:34804
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:35172
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:35776
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:34968
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:35936
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:36664
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:12796
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:36672
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:32256
- - C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    C:\Users\Admin\Documents\p83xjtndX331_hrkG69GWJ6Z.exe
    3⤵
    PID:34156
- C:\Users\Admin\Documents\RblOqm44S2E7C7Bz4efuudEc.exe
  "C:\Users\Admin\Documents\RblOqm44S2E7C7Bz4efuudEc.exe"
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Users\Admin\Documents\J6CIwxm2NPDniUlg1TTNVlDV.exe
  "C:\Users\Admin\Documents\J6CIwxm2NPDniUlg1TTNVlDV.exe"
  2⤵
  - Executes dropped EXE
  PID:4248
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 1460
    3⤵
    - Program crash
    PID:11988
- C:\Users\Admin\Documents\AqoWtro9MgqSDsSrLadohWxp.exe
  "C:\Users\Admin\Documents\AqoWtro9MgqSDsSrLadohWxp.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4164
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\Documents\AqoWtro9MgqSDsSrLadohWxp.exe"
    3⤵
    PID:1208
  - - C:\Windows\SysWOW64\timeout.exe
      timeout /T 10 /NOBREAK
      4⤵
      Delays execution with timeout.exe
      PID:14156
- C:\Users\Admin\Documents\vfQVvXcdroPMyVVkqiCQ0HZY.exe
  "C:\Users\Admin\Documents\vfQVvXcdroPMyVVkqiCQ0HZY.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4120
- - C:\Users\Admin\AppData\Roaming\5059982.exe
    "C:\Users\Admin\AppData\Roaming\5059982.exe"
    3⤵
    PID:8212
- - C:\Users\Admin\AppData\Roaming\3319487.exe
    "C:\Users\Admin\AppData\Roaming\3319487.exe"
    3⤵
    PID:8436
- - C:\Users\Admin\AppData\Roaming\3738197.exe
    "C:\Users\Admin\AppData\Roaming\3738197.exe"
    3⤵
    PID:8452
- - C:\Users\Admin\AppData\Roaming\7166500.exe
    "C:\Users\Admin\AppData\Roaming\7166500.exe"
    3⤵
    PID:8380
- - C:\Users\Admin\AppData\Roaming\5186312.exe
    "C:\Users\Admin\AppData\Roaming\5186312.exe"
    3⤵
    PID:8360
  - - C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe
      "C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"
      4⤵
      PID:14316
- C:\Users\Admin\Documents\UoIrxuU4_yJvEZ0LYyllfvBT.exe
  "C:\Users\Admin\Documents\UoIrxuU4_yJvEZ0LYyllfvBT.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:2812
- - C:\Users\Admin\Documents\UoIrxuU4_yJvEZ0LYyllfvBT.exe
    "C:\Users\Admin\Documents\UoIrxuU4_yJvEZ0LYyllfvBT.exe"
    3⤵
    - Executes dropped EXE
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    PID:3144
- C:\Users\Admin\Documents\5mKuA0UuOoHvg7TNbSwTeByI.exe
  "C:\Users\Admin\Documents\5mKuA0UuOoHvg7TNbSwTeByI.exe"
  2⤵
  - Executes dropped EXE
  PID:4804
- - C:\Users\Admin\AppData\Local\Temp\is-TD20Q.tmp\5mKuA0UuOoHvg7TNbSwTeByI.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-TD20Q.tmp\5mKuA0UuOoHvg7TNbSwTeByI.tmp" /SL5="$202AA,138429,56832,C:\Users\Admin\Documents\5mKuA0UuOoHvg7TNbSwTeByI.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of FindShellTrayWindow
    PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\is-TPC1G.tmp\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\is-TPC1G.tmp\Setup.exe" /Verysilent
      4⤵
      PID:9332
    - - C:\Program Files (x86)\SmartPDF\SmartPDF\lg.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\lg.exe"
        5⤵
        
        PID:11564
      - C:\Program Files (x86)\SmartPDF\SmartPDF\lg.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\lg.exe" -a
        6⤵
        
        PID:21884
    - - C:\Program Files (x86)\SmartPDF\SmartPDF\PBrowFile15.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\PBrowFile15.exe"
        5⤵
        
        PID:16244
    - - C:\Program Files (x86)\SmartPDF\SmartPDF\9840432e051a6fa1192594db02b80a4c1fd73456.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\9840432e051a6fa1192594db02b80a4c1fd73456.exe"
        5⤵
        
        PID:13760
    - - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        5⤵
        
        PID:17396
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:14564
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:17664
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:18148
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:11488
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:18820
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:19352
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:19452
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:18856
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:12252
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:19684
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:20048
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:20424
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:19596
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:20332
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:7072
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:14544
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:20016
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:20580
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:21200
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:20772
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:19636
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:21240
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:18752
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:21256
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:21752
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:22192
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:21316
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:22280
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:3812
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:10292
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:21720
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:22860
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:19928
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:23136
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:23388
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:19804
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:22336
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:20612
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:14920
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:20628
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:24000
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:24468
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:21164
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:22504
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:24876
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:24976
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:64
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:25872
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:26472
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:24224
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:23780
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:24796
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:25400
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:18244
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:24344
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:23592
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:24700
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:24840
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:10952
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:16812
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:27628
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:28316
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:21296
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:26656
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:22764
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:9420
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:29016
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:21064
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:28064
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:10464
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:24180
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:12740
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:29200
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:27424
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:29960
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:27904
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:30416
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:30012
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:30704
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:29320
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:5108
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:31068
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:31616
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:28388
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:30240
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:17100
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:28128
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:16660
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:28420
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:32708
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:32440
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:6032
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:33492
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:33112
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:32584
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:33672
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:32892
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:32288
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:34204
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:30460
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:23460
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:35076
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:35652
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:22252
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:35544
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:36268
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:35668
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:31460
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:21620
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:27620
      - C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"
        6⤵
        
        PID:24460
    - - C:\Program Files (x86)\SmartPDF\SmartPDF\stats.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\stats.exe" /Verysilent
        5⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\is-QEOLI.tmp\stats.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-QEOLI.tmp\stats.tmp" /SL5="$7019A,138429,56832,C:\Program Files (x86)\SmartPDF\SmartPDF\stats.exe" /Verysilent
        6⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\is-9D7PJ.tmp\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-9D7PJ.tmp\Setup.exe" /Verysilent
        7⤵
        
        PID:26916
    - - C:\Program Files (x86)\SmartPDF\SmartPDF\note866.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\note866.exe"
        5⤵
        
        PID:16336
    - - C:\Program Files (x86)\SmartPDF\SmartPDF\LivelyScreenRecS3.0.exe
        
        "C:\Program Files (x86)\SmartPDF\SmartPDF\LivelyScreenRecS3.0.exe"
        5⤵
        
        PID:16500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 24
1⤵
- Program crash
PID:5944

C:\Users\Admin\AppData\Local\Temp\43DF.exe
C:\Users\Admin\AppData\Local\Temp\43DF.exe
1⤵
PID:27040

C:\Users\Admin\AppData\Roaming\vdciusb
C:\Users\Admin\AppData\Roaming\vdciusb
1⤵
PID:33168

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

T1031

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

System Information Discovery