ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

Analysis

max time kernel
151s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Size

538KB
MD5

f75ae09aa4561ee8589cc3964023ca65
SHA1

983604923e004e3adc36abf99338e27100c924c6
SHA256

ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855
SHA512

eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f
SSDEEP

12288:HdBpZUEgnOTI84LvTjSXF2v4u+lsLhzeMDDimcN9VEd:tO5UIvLvvS0vh+lIhzeseHN9VE

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

IpOverUsbSvrc.exeatiesrx.exeatiesrx.exeatiesrx.exeIpOverUsbSvrc.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exe

pid	process
1872	IpOverUsbSvrc.exe
664	atiesrx.exe
2152	atiesrx.exe
5068	atiesrx.exe
5052	IpOverUsbSvrc.exe
3924	atiesrx.exe
5004	atiesrx.exe
4012	atiesrx.exe
4540	atiesrx.exe
1392	atiesrx.exe
2892	atiesrx.exe
216	atiesrx.exe
4840	atiesrx.exe
2844	atiesrx.exe
3636	atiesrx.exe
1728	atiesrx.exe
3548	atiesrx.exe
1764	atiesrx.exe
2584	atiesrx.exe
2984	atiesrx.exe
4680	atiesrx.exe
3812	atiesrx.exe
5076	atiesrx.exe
1788	atiesrx.exe
2428	atiesrx.exe
1556	atiesrx.exe
2128	atiesrx.exe
4032	atiesrx.exe
3608	atiesrx.exe
3208	atiesrx.exe
3348	atiesrx.exe
3824	atiesrx.exe
5080	atiesrx.exe
1784	atiesrx.exe
736	atiesrx.exe
3552	atiesrx.exe
728	atiesrx.exe
4740	atiesrx.exe
1848	atiesrx.exe
1460	atiesrx.exe
3480	atiesrx.exe
3768	atiesrx.exe
4564	atiesrx.exe
1924	atiesrx.exe
3632	atiesrx.exe
2164	atiesrx.exe
832	atiesrx.exe
2632	atiesrx.exe
2728	atiesrx.exe
4388	atiesrx.exe
4344	atiesrx.exe
1936	atiesrx.exe
4136	atiesrx.exe
4996	atiesrx.exe
2688	atiesrx.exe
2312	atiesrx.exe
432	atiesrx.exe
4708	atiesrx.exe
4268	atiesrx.exe
3268	atiesrx.exe
628	atiesrx.exe
2604	atiesrx.exe
2628	atiesrx.exe
2332	atiesrx.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeatiesrx.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	atiesrx.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

IpOverUsbSvrc.exeIpOverUsbSvrc.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Multimedia Class Scheduler = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\IpOverUsbSvrc.exe"	IpOverUsbSvrc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Multimedia Class Scheduler = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\IpOverUsbSvrc.exe"	IpOverUsbSvrc.exe

Suspicious use of SetThreadContext 64 IoCs

Processes:

ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeatiesrx.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid pid_target process target process

2580 3320 WerFault.exe atiesrx.exe
1768 4616 WerFault.exe atiesrx.exe
1868 3580 WerFault.exe atiesrx.exe

pid	pid_target	process	target process
2580	3320	WerFault.exe	atiesrx.exe
1768	4616	WerFault.exe	atiesrx.exe
1868	3580	WerFault.exe	atiesrx.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

dw20.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dw20.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dw20.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dw20.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

pid	process
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
1120	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
364	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
5020	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
1872	IpOverUsbSvrc.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
204	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
1872	IpOverUsbSvrc.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
4680	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
3680	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
1872	IpOverUsbSvrc.exe
3580	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
4900	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
1872	IpOverUsbSvrc.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
3116	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
1872	IpOverUsbSvrc.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeIpOverUsbSvrc.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeatiesrx.exeee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeatiesrx.exeatiesrx.exeIpOverUsbSvrc.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exeatiesrx.exe

description	pid	process
Token: SeDebugPrivilege	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	1120	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	364	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	5020	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	1872	IpOverUsbSvrc.exe
Token: SeDebugPrivilege	204	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	4680	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	3680	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	3580	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	4900	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	3116	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	4604	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	936	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	2256	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	3444	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	2624	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	3712	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	3840	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	4908	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	3396	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	3364	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	5076	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	4600	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	3248	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	4188	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	2568	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	3144	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	2988	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	4804	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	832	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	3164	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	4068	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	3496	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	4360	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	2736	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	2208	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	4424	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	2428	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	3084	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	1700	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	4304	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	4616	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	4200	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	664	atiesrx.exe
Token: SeDebugPrivilege	2752	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
Token: SeDebugPrivilege	2152	atiesrx.exe
Token: SeDebugPrivilege	5068	atiesrx.exe
Token: SeDebugPrivilege	5052	IpOverUsbSvrc.exe
Token: SeDebugPrivilege	3924	atiesrx.exe
Token: SeDebugPrivilege	5004	atiesrx.exe
Token: SeDebugPrivilege	4012	atiesrx.exe
Token: SeDebugPrivilege	4540	atiesrx.exe
Token: SeDebugPrivilege	1392	atiesrx.exe
Token: SeDebugPrivilege	2892	atiesrx.exe
Token: SeDebugPrivilege	216	atiesrx.exe
Token: SeDebugPrivilege	4840	atiesrx.exe
Token: SeDebugPrivilege	2844	atiesrx.exe
Token: SeDebugPrivilege	3636	atiesrx.exe
Token: SeDebugPrivilege	1728	atiesrx.exe
Token: SeDebugPrivilege	3548	atiesrx.exe
Token: SeDebugPrivilege	1764	atiesrx.exe
Token: SeDebugPrivilege	2584	atiesrx.exe
Token: SeDebugPrivilege	2984	atiesrx.exe
Token: SeDebugPrivilege	4680	atiesrx.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exeIpOverUsbSvrc.exe

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:620

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1120

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:364

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5020

C:\Users\Admin\AppData\Roaming\Microsoft\IpOverUsbSvrc.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\IpOverUsbSvrc.exe"
2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1872

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
3⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:664

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2152

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5068

C:\Users\Admin\AppData\Roaming\Microsoft\IpOverUsbSvrc.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\IpOverUsbSvrc.exe"
4⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:5052

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3924

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5004

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4012

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4540

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1392

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2892

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:216

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4840

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2844

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3636

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1728

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3548

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1764

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2584

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2984

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4680

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:3812

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:5076

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:1788

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:2428

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:1556

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:2128

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:4032

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:3608

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:3208

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:3348

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:3824

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:5080

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:1784

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:736

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:3552

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:728

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:4740

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:1848

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:1460

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:3480

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:3768

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:4564

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:1924

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:3632

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:2164

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:832

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:2632

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:2728

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:4388

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:4344

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:1936

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:4136

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:4996

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:2688

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:2312

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:432

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:4708

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:4268

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:3268

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:628

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:2604

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:2628

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
- Executes dropped EXE
PID:2332

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:204

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:936

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4188

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2736

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4200

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2612

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3440

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1732

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5012

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2608

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:456

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4912

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4428

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2636

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:804

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2976

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:684

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:748

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4600

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1468

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2036

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:224

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4192

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4764

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1664

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1856

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4320

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4924

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2920

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2176

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2224

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4780

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:944

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3840

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 420
5⤵
- Program crash
PID:2580

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2652

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4828

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1716

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3864

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:520

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4904

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5040

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5096

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1264

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3136

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3644

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1628

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4620

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4992

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2784

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1592

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2492

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:868

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2656

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:812

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2232

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3508

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4416

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4308

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1080

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2108

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4716

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 280
5⤵
- Program crash
PID:1768

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4640

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4352

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4976

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2084

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3416

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3676

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4304

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4376

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3376

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:400

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3728

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3900

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4360

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2208

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1276

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:392

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4760

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1036

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3132

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 428
5⤵
- Program crash
PID:1868

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:536

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3256

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4860

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2212

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2548

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4248

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4252

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3524

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2988

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1868

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2160

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1412

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1736

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1420

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1596

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2368

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:620

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2040

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:308

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2884

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:32

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3876

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4204

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2376

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3836

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:624

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4300

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1940

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1600

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5136

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5184

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5232

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5276

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5328

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5376

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5424

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5472

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5520

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5568

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5616

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5668

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5716

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5764

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5812

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5860

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5908

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5956

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6004

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6052

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6100

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5132

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5156

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5208

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5244

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5316

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5384

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5456

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5492

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5544

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5596

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5628

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5756

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5776

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5836

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5900

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5964

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6020

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6064

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6120

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5168

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5212

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5300

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5372

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5432

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5448

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5552

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 424
5⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:5588

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5648

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5712

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5772

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5876

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5936

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5980

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6032

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6140

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5176

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5240

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5296

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5420

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5484

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5548

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5692

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5576

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5824

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5892

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5952

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6024

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6092

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5180

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5264

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5368

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1560

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5532

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5724

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5732

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5792

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5896

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5916

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5152

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5172

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5320

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5396

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5516

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5660

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5928

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5832

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6000

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6108

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5248

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3516

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5460

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5600

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5820

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5872

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6012

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2580

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5272

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5452

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5608

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5744

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5976

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6040

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5196

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5528

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5464

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5804

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5984

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6080

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1492

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5392

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5728

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2044

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4544

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5612

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6068

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6076

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5636

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5684

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5904

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2140

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5436

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:888

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5940

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5704

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5972

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3368

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5504

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2076

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3536

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2684

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5752

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3700

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2324

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5688

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4424

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3464

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:964

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5564

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4472

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3068

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4856

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1712

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5288

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2932

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6156

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6204

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6252

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6300

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6348

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6396

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6444

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6492

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6540

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6588

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6636

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6684

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6732

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6780

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6828

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6876

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6924

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6972

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7020

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7068

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7116

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7164

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6200

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6244

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6264

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6344

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6388

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6432

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6480

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6572

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6604

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6656

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6708

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6772

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6816

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6908

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6940

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6996

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7048

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7104

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4876

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6212

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6224

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6308

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6392

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6408

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6524

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6564

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6628

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6692

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6776

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6860

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6896

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6992

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7028

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7108

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7128

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6296

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6324

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6312

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6424

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4052

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6580

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6664

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6724

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6808

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6844

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6984

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7100

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7132

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2320

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6228

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6380

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6472

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6504

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6568

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3472

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6804

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6900

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6968

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7136

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7160

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6268

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6280

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6436

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6552

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6680

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6756

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6932

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7060

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7064

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6260

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6288

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6440

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6668

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5028

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6884

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7084

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7148

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6192

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:744

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6536

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6608

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6824

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3868

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3196

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6292

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6412

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6596

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6712

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7076

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6276

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6232

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6488

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6720

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7088

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6148

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4768

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6764

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6848

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6476

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6792

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6740

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5104

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2244

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6856

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6332

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6752

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6916

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6460

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6988

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3652

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6184

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5740

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6868

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3816

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3796

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7180

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7224

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7276

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7324

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7372

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7420

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7468

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7516

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7564

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7616

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7664

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7712

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7760

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7808

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7856

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7904

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7952

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8000

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8048

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8096

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8144

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3396

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7196

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7248

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7300

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7368

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7452

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7484

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7540

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7584

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7644

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7700

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7792

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7820

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7876

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7932

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8044

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8068

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8140

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8180

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7204

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7264

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7360

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7396

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7448

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7600

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7604

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7680

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7732

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7816

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7948

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8032

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8024

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8104

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8156

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7216

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7352

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7364

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7508

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7504

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7596

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7692

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7840

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7836

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7912

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7972

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8128

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6404

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7244

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7392

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7440

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7524

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:1248

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7684

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7780

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7916

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8036

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8124

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6164

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7308

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7460

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7656

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7636

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7776

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7844

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8112

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7192

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4368

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3064

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4228

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7572

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7748

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7772

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8008

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8092

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7284

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7428

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4796

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7708

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7896

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8056

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5112

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7172

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7312

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7500

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7632

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7996

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:5116

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:836

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7356

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7412

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7796

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7892

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3732

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8160

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 428
5⤵
PID:7388

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7576

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7704

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8120

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7208

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7444

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:968

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7848

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7296

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:3528

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7864

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:6484

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2868

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7188

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7492

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4756

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7924

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7176

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7888

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7512

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2056

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8084

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8132

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4568

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7960

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4712

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:2500

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:8152

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:7544

C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe"
4⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:204

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4680

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3680

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3580

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4900

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3116

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4604

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:936

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2256

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3444

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2624

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3712

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3840

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4908

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3396

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3364

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5076

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4600

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3248

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4188

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2568

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3144

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2988

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4804

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:832

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3164

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4068

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3496

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4360

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2736

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2208

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4424

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2428

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3084

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1700

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4304

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4616

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4200

C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
"C:\Users\Admin\AppData\Local\Temp\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3320 -ip 3320
1⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4616 -ip 4616
1⤵
PID:1276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3580 -ip 3580
1⤵
PID:2052

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\IpOverUsbSvrc.exe.log
Filesize
224B

MD5
c19eb8c8e7a40e6b987f9d2ee952996e

SHA1
6fc3049855bc9100643e162511673c6df0f28bfb

SHA256
677e9e30350df17e2bc20fa9f7d730e9f7cc6e870d6520a345f5f7dc5b31f58a

SHA512
860713b4a787c2189ed12a47d4b68b60ac00c7a253cae52dd4eb9276dacafeae3a81906b6d0742c8ecfdfaa255777c445beb7c2a532f3c677a9903237ac97596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\atiesrx.exe.log
Filesize
246B

MD5
5ccdcbb7a3f9f299d94a6f734d780727

SHA1
9e585d0922644abcbb6abaeeea0d1caebb0c2ee7

SHA256
418fde376eaf64305f378e91a829731ae94f2c720005931abfb1fc61e002b41a

SHA512
b82ec25c3b3df0402375ac9c7ca8b94245d894c7819e87187660c6c57fa4d6a37bb05a7ce7fb2fded229edcf1e1795afc390a537e84fe7bcce5a8a3c4bf26c59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe.log
Filesize
246B

MD5
5ccdcbb7a3f9f299d94a6f734d780727

SHA1
9e585d0922644abcbb6abaeeea0d1caebb0c2ee7

SHA256
418fde376eaf64305f378e91a829731ae94f2c720005931abfb1fc61e002b41a

SHA512
b82ec25c3b3df0402375ac9c7ca8b94245d894c7819e87187660c6c57fa4d6a37bb05a7ce7fb2fded229edcf1e1795afc390a537e84fe7bcce5a8a3c4bf26c59

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\IpOverUsbSvrc.exe
Filesize
12KB

MD5
124c70db1af1aac05f8b7fe8bfd57eba

SHA1
552680beee70842af9fcb8e9c57bd0b64c9aa4c8

SHA256
51cf9c65901a2f86e680e8ad33def5480c39626cf35847e58e5f70f6e658ad3f

SHA512
f498a25598d969bc1fb3c06ba9fcf4824895d620bc1c401b7977eb2e2b51d881eb233fc82e8e5be199dd907e96031f890d5d36059d463a838949bbb278d6aee4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\IpOverUsbSvrc.exe
Filesize
12KB

MD5
124c70db1af1aac05f8b7fe8bfd57eba

SHA1
552680beee70842af9fcb8e9c57bd0b64c9aa4c8

SHA256
51cf9c65901a2f86e680e8ad33def5480c39626cf35847e58e5f70f6e658ad3f

SHA512
f498a25598d969bc1fb3c06ba9fcf4824895d620bc1c401b7977eb2e2b51d881eb233fc82e8e5be199dd907e96031f890d5d36059d463a838949bbb278d6aee4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\IpOverUsbSvrc.exe
Filesize
12KB

MD5
124c70db1af1aac05f8b7fe8bfd57eba

SHA1
552680beee70842af9fcb8e9c57bd0b64c9aa4c8

SHA256
51cf9c65901a2f86e680e8ad33def5480c39626cf35847e58e5f70f6e658ad3f

SHA512
f498a25598d969bc1fb3c06ba9fcf4824895d620bc1c401b7977eb2e2b51d881eb233fc82e8e5be199dd907e96031f890d5d36059d463a838949bbb278d6aee4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\IpOverUsbSvrc.exe
Filesize
12KB

MD5
124c70db1af1aac05f8b7fe8bfd57eba

SHA1
552680beee70842af9fcb8e9c57bd0b64c9aa4c8

SHA256
51cf9c65901a2f86e680e8ad33def5480c39626cf35847e58e5f70f6e658ad3f

SHA512
f498a25598d969bc1fb3c06ba9fcf4824895d620bc1c401b7977eb2e2b51d881eb233fc82e8e5be199dd907e96031f890d5d36059d463a838949bbb278d6aee4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\atiesrx.exe
Filesize
538KB

MD5
f75ae09aa4561ee8589cc3964023ca65

SHA1
983604923e004e3adc36abf99338e27100c924c6

SHA256
ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855

SHA512
eae732cfd5d4df7c886fe29f95b889572e70ee01a50f09de8709b2d5b04334da9b436e492761c0cda87cc4ad600076fb070cd10f4914e7349c38e74a92a3f64f

Download Submit
memory/204-154-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/204-209-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/204-146-0x0000000000000000-mapping.dmp

Download
memory/216-313-0x0000000000000000-mapping.dmp

Download
memory/216-317-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/364-137-0x0000000000000000-mapping.dmp

Download
memory/364-140-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/620-133-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/620-272-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/620-132-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/664-216-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/664-149-0x0000000000000000-mapping.dmp

Download
memory/664-156-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/832-229-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/832-227-0x0000000000000000-mapping.dmp

Download
memory/936-173-0x0000000000000000-mapping.dmp

Download
memory/936-175-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/1120-134-0x0000000000000000-mapping.dmp

Download
memory/1120-135-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/1120-136-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/1392-306-0x0000000000000000-mapping.dmp

Download
memory/1392-309-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/1700-258-0x0000000000000000-mapping.dmp

Download
memory/1700-260-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/1728-331-0x0000000000000000-mapping.dmp

Download
memory/1764-339-0x0000000000000000-mapping.dmp

Download
memory/1872-143-0x0000000000000000-mapping.dmp

Download
memory/1872-197-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/1872-152-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/1872-274-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/2152-278-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/2152-275-0x0000000000000000-mapping.dmp

Download
memory/2208-245-0x0000000000000000-mapping.dmp

Download
memory/2208-247-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/2256-176-0x0000000000000000-mapping.dmp

Download
memory/2256-178-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/2428-251-0x0000000000000000-mapping.dmp

Download
memory/2428-253-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/2568-214-0x0000000000000000-mapping.dmp

Download
memory/2568-217-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/2584-343-0x0000000000000000-mapping.dmp

Download
memory/2624-182-0x0000000000000000-mapping.dmp

Download
memory/2624-184-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/2736-242-0x0000000000000000-mapping.dmp

Download
memory/2736-244-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/2752-270-0x0000000000000000-mapping.dmp

Download
memory/2752-273-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/2844-322-0x0000000000000000-mapping.dmp

Download
memory/2892-310-0x0000000000000000-mapping.dmp

Download
memory/2892-316-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/2984-347-0x0000000000000000-mapping.dmp

Download
memory/2988-223-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/2988-220-0x0000000000000000-mapping.dmp

Download
memory/3084-254-0x0000000000000000-mapping.dmp

Download
memory/3084-257-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3116-169-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3116-167-0x0000000000000000-mapping.dmp

Download
memory/3144-291-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3144-218-0x0000000000000000-mapping.dmp

Download
memory/3144-221-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3164-232-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3164-230-0x0000000000000000-mapping.dmp

Download
memory/3248-210-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3248-207-0x0000000000000000-mapping.dmp

Download
memory/3364-198-0x0000000000000000-mapping.dmp

Download
memory/3364-200-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3396-196-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3396-194-0x0000000000000000-mapping.dmp

Download
memory/3444-179-0x0000000000000000-mapping.dmp

Download
memory/3444-181-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3496-239-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3496-236-0x0000000000000000-mapping.dmp

Download
memory/3548-335-0x0000000000000000-mapping.dmp

Download
memory/3580-161-0x0000000000000000-mapping.dmp

Download
memory/3580-163-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3636-327-0x0000000000000000-mapping.dmp

Download
memory/3680-160-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3680-158-0x0000000000000000-mapping.dmp

Download
memory/3712-185-0x0000000000000000-mapping.dmp

Download
memory/3712-187-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3812-355-0x0000000000000000-mapping.dmp

Download
memory/3840-188-0x0000000000000000-mapping.dmp

Download
memory/3840-192-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3840-256-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3924-293-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/3924-288-0x0000000000000000-mapping.dmp

Download
memory/4012-298-0x0000000000000000-mapping.dmp

Download
memory/4012-301-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4068-233-0x0000000000000000-mapping.dmp

Download
memory/4068-235-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4188-211-0x0000000000000000-mapping.dmp

Download
memory/4188-213-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4200-269-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4200-267-0x0000000000000000-mapping.dmp

Download
memory/4304-263-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4304-261-0x0000000000000000-mapping.dmp

Download
memory/4360-238-0x0000000000000000-mapping.dmp

Download
memory/4360-241-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4424-248-0x0000000000000000-mapping.dmp

Download
memory/4424-250-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4540-305-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4540-302-0x0000000000000000-mapping.dmp

Download
memory/4600-206-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4600-204-0x0000000000000000-mapping.dmp

Download
memory/4604-172-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4604-170-0x0000000000000000-mapping.dmp

Download
memory/4616-266-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4616-264-0x0000000000000000-mapping.dmp

Download
memory/4680-157-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4680-351-0x0000000000000000-mapping.dmp

Download
memory/4680-153-0x0000000000000000-mapping.dmp

Download
memory/4804-224-0x0000000000000000-mapping.dmp

Download
memory/4804-226-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4840-321-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4840-318-0x0000000000000000-mapping.dmp

Download
memory/4900-166-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4900-164-0x0000000000000000-mapping.dmp

Download
memory/4908-193-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/4908-190-0x0000000000000000-mapping.dmp

Download
memory/5004-297-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/5004-294-0x0000000000000000-mapping.dmp

Download
memory/5020-141-0x0000000000000000-mapping.dmp

Download
memory/5020-144-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/5052-282-0x0000000000000000-mapping.dmp

Download
memory/5052-292-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/5068-279-0x0000000000000000-mapping.dmp

Download
memory/5068-287-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download
memory/5076-201-0x0000000000000000-mapping.dmp

Download
memory/5076-203-0x0000000074D20000-0x00000000752D1000-memory.dmp

Filesize
5.7MB

Download

description	pid	process	target process
PID 620 set thread context of 1120	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 364	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 5020	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 204	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 4680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 3680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 3580	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 4900	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 3116	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 4604	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 936	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 2256	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 3444	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 2624	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 3712	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 3840	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 4908	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 3396	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 3364	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 5076	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 4600	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 3248	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 4188	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 2568	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 3144	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 2988	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 4804	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 832	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 3164	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 4068	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 3496	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 4360	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 2736	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 2208	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 4424	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 2428	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 3084	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 1700	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 4304	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 4616	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 4200	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 set thread context of 2752	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 664 set thread context of 2152	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 5068	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 3924	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 5004	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 4012	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 4540	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 1392	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 2892	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 216	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 4840	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 2844	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 3636	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 1728	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 3548	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 1764	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 2584	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 2984	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 4680	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 3812	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 5076	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 1788	664	atiesrx.exe	atiesrx.exe
PID 664 set thread context of 2428	664	atiesrx.exe	atiesrx.exe

description	pid	process	target process
PID 620 wrote to memory of 1120	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 1120	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 1120	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 1120	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 1120	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 1120	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 1120	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 1120	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 364	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 364	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 364	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 364	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 364	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 364	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 364	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 364	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 5020	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 5020	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 5020	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 5020	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 5020	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 5020	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 5020	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 5020	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 1872	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	IpOverUsbSvrc.exe
PID 620 wrote to memory of 1872	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	IpOverUsbSvrc.exe
PID 620 wrote to memory of 1872	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	IpOverUsbSvrc.exe
PID 620 wrote to memory of 204	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 204	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 204	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 204	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 204	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 204	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 204	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 204	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 1872 wrote to memory of 664	1872	IpOverUsbSvrc.exe	atiesrx.exe
PID 1872 wrote to memory of 664	1872	IpOverUsbSvrc.exe	atiesrx.exe
PID 1872 wrote to memory of 664	1872	IpOverUsbSvrc.exe	atiesrx.exe
PID 620 wrote to memory of 4680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 4680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 4680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 4680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 4680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 4680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 4680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 4680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3680	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3580	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3580	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3580	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3580	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3580	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3580	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3580	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 3580	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 4900	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe
PID 620 wrote to memory of 4900	620	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe	ee8b016b6014b673c4f4dfddf42b31b5e1dfb86c70e8f53eb4e1c0875610a855.exe