ae1d2fc3c4a341973ebb044ca97551bfc03795b06a8fad6422306ab068d0b260

Analysis

max time kernel
87s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

StreamHelpersSetup.exe
Size

5.1MB
MD5

204d43f3f04ab08863730428aef33a0e
SHA1

9a13f8f7b230be2ab7eeb2b21240041e5209495f
SHA256

ae1d2fc3c4a341973ebb044ca97551bfc03795b06a8fad6422306ab068d0b260
SHA512

7555201978828c71006decbf09dad8ff4535fe572438fdc41ed0a990073bccca43525da1a6c639fb6a7313642dcde608a3440b7de68b158336da1aaf5b21a7d1
SSDEEP

98304:VABCUgjLwvDqtrJwnN5xdnbzXzt4AM0faL6qutk1RsmVmjcJoO9VePFuLmho:iBx6qN5bnty0yLYtUyXcCO9VePamm

Score

7^/10

bootkit persistence ransomware

Malware Config

Signatures

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

StreamHelpersSetup.exeWScript.execmd.exeWScript.execmd.exeWScript.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	StreamHelpersSetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	WScript.exe

Executes dropped EXE 1 IoCs

Processes:

booster.exe

pid process

852 booster.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

booster.exe

description ioc process

File opened for modification \??\PhysicalDrive0 booster.exe

pid	process
852	booster.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	booster.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\risi.bmp"	reg.exe

Drops file in Program Files directory 36 IoCs

Processes:

StreamHelpersSetup.exe

description	ioc	process
File created	C:\Program Files (x86)\StreamHelper\boosteur.bat	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\disk.vbs	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\voice.vbs	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\cactus.wav	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\voice.vbs	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\dance.mp3	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\cactus.vbs	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\__tmp_rar_sfx_access_check_240543593	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\melter.exe	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\tbi.vbs	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\sup.bat	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\cactus.vbs	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\launch.vbs	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\booster.exe	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\lol.vbs	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\risi.bmp	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\boosteur.bat	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\disk.vbs	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\music.vbs	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\launch.vbs	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\lol.vbs	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\tbi.vbs	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\disco.vbs	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\sup.bat	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\booster.exe	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\risi.bmp	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\cactus.wav	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\dance.mp3	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\disco.vbs	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\quiche.bat	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\melter.exe	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\boost.vbs	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\quiche.bat	StreamHelpersSetup.exe
File opened for modification	C:\Program Files (x86)\StreamHelper\music.vbs	StreamHelpersSetup.exe
File created	C:\Program Files (x86)\StreamHelper\boost.vbs	StreamHelpersSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Delays execution with timeout.exe 3 IoCs
evasion

Processes:

timeout.exetimeout.exetimeout.exe

pid process

1508 timeout.exe
3344 timeout.exe
3620 timeout.exe

pid	process
1508	timeout.exe
3344	timeout.exe
3620	timeout.exe

Kills process with taskkill 10 IoCs

evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid	process
4864	taskkill.exe
440	taskkill.exe
4528	taskkill.exe
3436	taskkill.exe
336	taskkill.exe
3728	taskkill.exe
2664	taskkill.exe
2676	taskkill.exe
2920	taskkill.exe
2244	taskkill.exe

Modifies registry class 3 IoCs

Processes:

StreamHelpersSetup.execmd.execmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	StreamHelpersSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	cmd.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

4112 reg.exe
Opens file in notepad (likely ransom note) 2 IoCs
ransomware

Processes:

NOTEPAD.EXENOTEPAD.EXE

pid process

5032 NOTEPAD.EXE
3796 NOTEPAD.EXE

pid	process
4112	reg.exe

pid	process
5032	NOTEPAD.EXE
3796	NOTEPAD.EXE

Suspicious use of AdjustPrivilegeToken 11 IoCs

Processes:

taskkill.exeAUDIODG.EXEtaskkill.exetaskkill.exeWScript.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

description	pid	process
Token: SeDebugPrivilege	3436	taskkill.exe
Token: 33	3044	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3044	AUDIODG.EXE
Token: SeDebugPrivilege	2920	taskkill.exe
Token: SeDebugPrivilege	2244	taskkill.exe
Token: SeDebugPrivilege	336	WScript.exe
Token: SeDebugPrivilege	3728	taskkill.exe
Token: SeDebugPrivilege	4864	taskkill.exe
Token: SeDebugPrivilege	2664	taskkill.exe
Token: SeDebugPrivilege	2676	taskkill.exe
Token: SeDebugPrivilege	4528	taskkill.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

StreamHelpersSetup.exeWScript.execmd.exeWScript.execmd.exeWScript.exe

description	pid	process	target process
PID 4536 wrote to memory of 1708	4536	StreamHelpersSetup.exe	WScript.exe
PID 4536 wrote to memory of 1708	4536	StreamHelpersSetup.exe	WScript.exe
PID 4536 wrote to memory of 1708	4536	StreamHelpersSetup.exe	WScript.exe
PID 1708 wrote to memory of 2948	1708	WScript.exe	cmd.exe
PID 1708 wrote to memory of 2948	1708	WScript.exe	cmd.exe
PID 1708 wrote to memory of 2948	1708	WScript.exe	cmd.exe
PID 2948 wrote to memory of 2224	2948	cmd.exe	WScript.exe
PID 2948 wrote to memory of 2224	2948	cmd.exe	WScript.exe
PID 2948 wrote to memory of 2224	2948	cmd.exe	WScript.exe
PID 2948 wrote to memory of 1508	2948	cmd.exe	timeout.exe
PID 2948 wrote to memory of 1508	2948	cmd.exe	timeout.exe
PID 2948 wrote to memory of 1508	2948	cmd.exe	timeout.exe
PID 2224 wrote to memory of 4184	2224	WScript.exe	cmd.exe
PID 2224 wrote to memory of 4184	2224	WScript.exe	cmd.exe
PID 2224 wrote to memory of 4184	2224	WScript.exe	cmd.exe
PID 4184 wrote to memory of 264	4184	cmd.exe	cacls.exe
PID 4184 wrote to memory of 264	4184	cmd.exe	cacls.exe
PID 4184 wrote to memory of 264	4184	cmd.exe	cacls.exe
PID 4184 wrote to memory of 2648	4184	cmd.exe	WScript.exe
PID 4184 wrote to memory of 2648	4184	cmd.exe	WScript.exe
PID 4184 wrote to memory of 2648	4184	cmd.exe	WScript.exe
PID 2648 wrote to memory of 852	2648	WScript.exe	booster.exe
PID 2648 wrote to memory of 852	2648	WScript.exe	booster.exe
PID 2648 wrote to memory of 852	2648	WScript.exe	booster.exe
PID 2948 wrote to memory of 1284	2948	cmd.exe	WScript.exe
PID 2948 wrote to memory of 1284	2948	cmd.exe	WScript.exe
PID 2948 wrote to memory of 1284	2948	cmd.exe	WScript.exe
PID 2948 wrote to memory of 3344	2948	cmd.exe	timeout.exe
PID 2948 wrote to memory of 3344	2948	cmd.exe	timeout.exe
PID 2948 wrote to memory of 3344	2948	cmd.exe	timeout.exe
PID 2948 wrote to memory of 3436	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 3436	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 3436	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 3240	2948	cmd.exe	WScript.exe
PID 2948 wrote to memory of 3240	2948	cmd.exe	WScript.exe
PID 2948 wrote to memory of 3240	2948	cmd.exe	WScript.exe
PID 2948 wrote to memory of 3620	2948	cmd.exe	timeout.exe
PID 2948 wrote to memory of 3620	2948	cmd.exe	timeout.exe
PID 2948 wrote to memory of 3620	2948	cmd.exe	timeout.exe
PID 2948 wrote to memory of 2920	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 2920	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 2920	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 2244	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 2244	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 2244	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 336	2948	cmd.exe	WScript.exe
PID 2948 wrote to memory of 336	2948	cmd.exe	WScript.exe
PID 2948 wrote to memory of 336	2948	cmd.exe	WScript.exe
PID 2948 wrote to memory of 3728	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 3728	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 3728	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 4864	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 4864	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 4864	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 2664	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 2664	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 2664	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 2676	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 2676	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 2676	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 440	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 440	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 440	2948	cmd.exe	taskkill.exe
PID 2948 wrote to memory of 4528	2948	cmd.exe	taskkill.exe

C:\Users\Admin\AppData\Local\Temp\StreamHelpersSetup.exe
"C:\Users\Admin\AppData\Local\Temp\StreamHelpersSetup.exe"
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4536

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\launch.vbs"
2⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1708

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c quiche.bat
3⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2948

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\boost.vbs"
4⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2224

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c boosteur.bat
5⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4184

C:\Windows\SysWOW64\cacls.exe
"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
6⤵
PID:264

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"
6⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2648

C:\Users\Admin\AppData\Local\Temp\booster.exe
"C:\Users\Admin\AppData\Local\Temp\booster.exe"
7⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:852

C:\Windows\SysWOW64\timeout.exe
timeout /t 8
4⤵
- Delays execution with timeout.exe
PID:1508

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\tbi.vbs"
4⤵
PID:1284

C:\Windows\SysWOW64\timeout.exe
timeout /t 60
4⤵
- Delays execution with timeout.exe
PID:3344

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im spotify.exe
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3436

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\voice.vbs"
4⤵
PID:3240

C:\Windows\SysWOW64\timeout.exe
timeout /t 15
4⤵
- Delays execution with timeout.exe
PID:3620

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im chrome.exe
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2920

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im javaw.exe
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2244

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im hl2.exe
4⤵
- Kills process with taskkill
PID:336

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Fortnite.exe
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3728

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im steam.exe
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4864

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2664

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2676

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Roblox Game Client.exe
4⤵
- Kills process with taskkill
PID:440

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im ROBLOX.exe
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4528

C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Control Panel\Desktop" /V Wallpaper /F /T REG_SZ /D "C:\Users\Admin\risi.bmp"
4⤵
- Sets desktop wallpaper using registry
PID:4732

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
4⤵
PID:2672

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
4⤵
- Modifies registry key
PID:4112

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:2472

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\music.vbs"
4⤵
PID:2980

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c sup.bat
5⤵
PID:9820

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\disk.vbs"
4⤵
PID:3972

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\disco.vbs"
4⤵
PID:3248

C:\Windows\SysWOW64\shutdown.exe
shutdown -r -t 300 -c "Dans 5 minutes tu n'as plus de PC fils de viol, le 18-25 t'a bien baiser le cul :)"
4⤵
PID:3256

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:2296

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:636

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:3628

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:2428

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:4384

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:3912

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:3744

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5052

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:3564

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1400

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1420

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5040

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:428

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1516

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:3344

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1396

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1492

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1520

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:3440

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:3640

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1552

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:3736

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1052

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1748

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:4840

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:2292

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:2768

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
- Suspicious use of AdjustPrivilegeToken
PID:336

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1964

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:4308

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:2740

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:3316

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:3612

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:3384

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:3264

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:4316

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1944

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:3648

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:1564

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:2404

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:4592

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:4184

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1704

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:4056

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:3852

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:2100

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1828

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:760

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:2456

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:4724

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:2224

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:4148

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:4356

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:3512

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1032

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1324

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1268

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:5132

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5172

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5220

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5232

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5256

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5320

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5340

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5360

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5420

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5444

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5460

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5528

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5556

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5576

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5592

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5652

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5692

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5716

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5772

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:5784

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5820

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5844

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5872

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5924

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5936

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5952

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5992

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6036

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6096

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6116

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5148

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5180

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5244

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5328

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5436

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5768

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5828

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6012

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:2104

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:6128

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6156

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6216

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6256

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6272

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6296

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6372

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6388

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6404

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6440

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6500

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6540

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6552

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6572

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6640

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6656

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6680

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6752

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:6768

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6800

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6824

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6844

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6880

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6948

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6960

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6988

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7048

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7072

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7124

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5316

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6212

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6468

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6508

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6820

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6968

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7044

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7108

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:2336

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7172

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7192

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7212

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7284

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7308

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7328

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7396

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7432

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7444

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7472

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7540

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7556

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7584

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7648

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7664

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7732

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7764

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7812

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:7836

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7848

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7916

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7904

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7980

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7992

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8052

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8068

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8088

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8116

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8156

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:2360

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7296

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7384

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7452

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7516

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7760

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7932

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7976

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:8084

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7712

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8040

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8204

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8268

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8312

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8328

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8396

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8412

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8440

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8496

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8520

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8556

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8592

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8648

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8688

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8704

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8764

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8780

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8848

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8864

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8888

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:8832

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8952

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8996

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8984

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9024

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9084

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9124

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9164

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9200

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8196

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8308

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8388

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8616

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8640

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8716

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8896

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:8264

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8424

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8748

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:8960

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9276

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9288

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9348

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9368

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9384

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9456

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9500

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9516

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9528

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9600

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9644

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9664

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9716

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9736

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9892

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:9904

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9956

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9992

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10032

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10068

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10128

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10172

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10184

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9256

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9360

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9452

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9748

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9788

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9856

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9920

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10136

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9432

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9636

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:9848

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:10264

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10280

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10296

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10360

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10376

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10404

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10432

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10484

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10504

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10532

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10556

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10576

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10656

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10664

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10720

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10744

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10780

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10812

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10856

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:10872

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10896

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10948

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10988

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11000

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11024

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11096

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11108

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11132

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11208

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11220

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11252

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10620

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10676

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:10836

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11168

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11200

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11052

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11248

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:11276

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11332

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11344

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11364

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11432

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11444

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11456

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11476

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11564

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11576

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11632

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11644

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11660

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11736

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11748

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11780

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11856

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11872

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11932

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:11996

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12016

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12088

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12152

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12168

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12200

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11428

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:2972

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11844

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11864

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:1892

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:3812

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11760

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:11900

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12220

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12516

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12536

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12552

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12648

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:12664

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12692

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12764

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12776

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12808

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12860

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12880

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12972

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13024

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13116

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13132

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13212

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13236

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13252

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:724

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12496

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:12700

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13008

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13032

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:5536

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5624

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:2148

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:5836

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13316

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13328

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13408

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13480

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13492

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13532

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13616

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13696

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13756

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13780

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13812

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13908

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13928

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13948

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14040

C:\Program Files (x86)\StreamHelper\melter.exe
melter.exe
4⤵
PID:14060

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14084

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14112

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14208

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14220

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14304

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14320

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13336

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6248

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13752

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:13936

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14004

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7136

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:6536

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:7320

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14388

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14400

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14488

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14552

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14604

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14668

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14680

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14696

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\StreamHelper\lol.vbs"
4⤵
PID:14824

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SearchWatch.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5032

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x3cc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3044

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\PushSend.ps1xml
1⤵
- Opens file in notepad (likely ransom note)
PID:3796

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\StreamHelper\boost.vbs
Filesize
120B

MD5
f3e07dede674b896bcc801136c44071c

SHA1
ca247f4409fe13b67a56f9a6ad7ec283c0b94b8d

SHA256
8e82588c88ee82e8b8903d6151f8955ba10b200e85790da40ec2f0c5fd70db92

SHA512
9751a0bf42bd02a23d3108fd5c859d5b213946eb3a929c6f5ec68d185f728edb67f7bac3e51ad3100bf4d3b8588b24bc4c8a03e13ee965bd9f4091c607f07303

Download Submit
C:\Program Files (x86)\StreamHelper\booster.exe
Filesize
43KB

MD5
f08519331b54f872eb2b4843e28ca379

SHA1
ef12b99f1350f795a0a4b7c5e0cc717c9f029ac2

SHA256
3ac6a07b9f9a3147a01e2bbbdd1fa146a9d3cc8270012b474b4904ae85c466b8

SHA512
a101caf11255b3f83db2dfeddd4e3e84a1be5d4c31c8b89f373f87699559e7700341e03849bf723ec151df58ebfd3828c8c21aed363bc303685c39e76294ee6c

Download Submit
C:\Program Files (x86)\StreamHelper\boosteur.bat
Filesize
770B

MD5
5519eeb4c771e20f731ce5c26ff4f603

SHA1
016929997064f4129fa2f629bdb46590c31d6968

SHA256
f7c4089aac4c4fcfbcf6b1fe5b3ee95f8691d3f418f4c205f71512b7c9a5b27a

SHA512
a21b83234cd159c4da3ca21ec1149b35ca661c86e1be6b52b3812c5513c1c3cde3d8edd3024d4c81aa9a421e0e5d8cfe8c178e40f514982182f5c2e5ef5ec046

Download Submit
C:\Program Files (x86)\StreamHelper\cactus.wav
Filesize
4.8MB

MD5
161f58c22f8a3bca7173d02ca6d6d73e

SHA1
5d52baec0ac4c107e8842f82eaf626067510e49b

SHA256
4c862183628a081c9373b75c4976150c8446decfa3a62c466533ec8b35702b6b

SHA512
5a98a86140975916e9528cf9051e06093791eaa1cc6e19cabcd740b7daeb4bfd45badc1aebe54ebc7227e24a7fc666547afc11ef5aecabdd5957c64710cc2e47

Download Submit
C:\Program Files (x86)\StreamHelper\dance.mp3
Filesize
2.0MB

MD5
c102479ae6d60d131bd1034f9eb8193e

SHA1
81a6b2703e0be14ea6dc040dacc6da149a0d299c

SHA256
c5ad168f5b28fdb733e953d6e61453f4223101288e3fbcc9d0c4855dcf6aa8aa

SHA512
df7b0a80f83fc275f0adf4e0e2f682e83454ea8716d18465075a9c555357e6f41743258984bf4bff3e8894bdfbf10fabd1a7b5d176b0581555bdec551d22a4b8

Download Submit
C:\Program Files (x86)\StreamHelper\disco.vbs
Filesize
177B

MD5
38dae080aaa5ff588d7be3f094c92a0a

SHA1
6f9577e34e542d6b57f53cc6b0391466a83b7a98

SHA256
9d95e003f63da579778670ef6c7e08f257a17ba8c39921f178a04f531539ac80

SHA512
7e30d94837cb0c4e505be9aad5555f721ae79a13362a588dc76211c68ec40862c6962d2352d44d7c95d93ce2352f1da7d06db3c104cb9f607b9af9bdae470297

Download Submit
C:\Program Files (x86)\StreamHelper\disk.vbs
Filesize
150B

MD5
0f15b8498b07d33a2a6ef7fbc99d881d

SHA1
9f535201f0c139e20e268606385680e426f6101f

SHA256
6eccc84353a61dda9f563e40844ec6047cd9df7e2c1c6294d264e6397ec60a46

SHA512
dc02c3fe1d1ddf16114216a39ce37c94221f82353204be94886c73687ead2e072efba60b70f145a614c9e5c9159e2fcf6c426c65703043e8baa1772001522397

Download Submit
C:\Program Files (x86)\StreamHelper\launch.vbs
Filesize
118B

MD5
bd9f638588edfd9b5d1041737a76d13e

SHA1
e4be0b88fc48a5cabea3663e19bbc98354c102a1

SHA256
a55ca437d6cf437bfa228d70f78f201078e855acbfebb08dee3f3c21a5990c6d

SHA512
676d0143fb72f65b6874a930f326cd0edba27693d16207845f99c2791e5b2468bfb842f83f99c4a5ec66c460ddf43ddf0ddc025350fdf89ca3c386b091c15d40

Download Submit
C:\Program Files (x86)\StreamHelper\lol.vbs
Filesize
103B

MD5
3f84670acb185eec13ebbf2bab4164c1

SHA1
05dfb8debf1508d1617b823fb0085169f2c517b4

SHA256
40d63af92dee0590287eb438b1f684149eb278d522e9f96ffa230ff99171686a

SHA512
faf42f0438ee578298fc23682feccc9a617d5cde1e0bb1a33a4502dfabe26e6d4f0845f673650aca4a5d271ecea44215d32ba499744a5104b7fd356fe19ab349

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\melter.exe
Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Program Files (x86)\StreamHelper\music.vbs
Filesize
444B

MD5
20e249d880d08eb08c238fa98ce92fe2

SHA1
0798d99f13578457a236436bcdc02ce6947ab6cf

SHA256
6b836dcc27bc5c12cfd948cd34f1bf225eac5ef929d0235f71d4c6e69277a7aa

SHA512
ee54aaac04e013a436c65b35ebdefc5680b295a2e7f3473978124feaa012b705549cc2c92bdd8c53b66808e277255b5cad9a685cb6d3105f6dcdcd5d2a71ebb5

Download Submit
C:\Program Files (x86)\StreamHelper\quiche.bat
Filesize
6KB

MD5
af491a3748d2664941f34d496825e0c5

SHA1
3bac0f5601fe339d0e08c0d6a27aa3a97a7c739a

SHA256
22c2a53e915cce9081bf126a9aa7a439607bcaf4ae6cb6a80f9bb3fd74f1625f

SHA512
09f4c34ebc909de7fc9c8a788321de2cf218be647f6954a54b03fa2ca2cbde1ffdff25f1f8cd643659687dcef8320d4c17080b4572f3be062df063c4ecb918e4

Download Submit
C:\Program Files (x86)\StreamHelper\risi.bmp
Filesize
3.8MB

MD5
0c3585edc3299bd0fb8e15f0efe29609

SHA1
e26dd5616724bc823528e4b420ddebec0762e2f1

SHA256
7d7738bd9c53db91229c8569477a68d8089d26bafacf8cbd8b41be52d186a7e3

SHA512
364544c5fc25e294cd30a956e21c863ef99d3b7dbbd5ff582b295610e00f8695d95d3d1d6aa30246295c87e6063c9d17ee9b5d3b4b3775dadb7e0954132c4e31

Download Submit
C:\Program Files (x86)\StreamHelper\sup.bat
Filesize
55B

MD5
9073ecdece799357e2732b4953cf338f

SHA1
c99f4cb06e254c4f13b13d12ba79b63b0661e66d

SHA256
b48c0a3d8130c6c74255d81f16eff5c90a2e468d783fa356d9918508c88dde18

SHA512
e0249eebb666eb57811ad704d14f13fa393cc847ca53ba9ec1454d5d1d6bc54ceebecf2306e335b719a89fc6c28255ad4a14283b7c6eb4b2b87e37c31727b129

Download Submit
C:\Program Files (x86)\StreamHelper\tbi.vbs
Filesize
363B

MD5
1f678c0df90895b443eeb0cad9e75f04

SHA1
638be67050f85a0f73ce20bcb38040f830ce8429

SHA256
ddb44c4d6479a36ebb2ccc2879df3ca9472a6c71edd927adaa06dd01e976eee1

SHA512
beb7b20f7ccb63a58ac4dcb61b23f1d16471f3e20214a357f115f30d9f8dc015b6673e1a21dae20dddd77ab3a5193271c00d782f0af639388533bc78d4e7cd91

Download Submit
C:\Program Files (x86)\StreamHelper\voice.vbs
Filesize
259B

MD5
f3ce5251d5ed80233f90dd9bfac638fe

SHA1
c1092ba3391c1295ae6e965b26b2a1b5e1a72ae4

SHA256
5738305e7025ccadef95032e5af4dae7b0a39ecd18f698fb3107448b3063a8af

SHA512
108235e3aba7223ef30136c169e2946a30557164946d813fe914ac27f6bacf7dc8bcc785a2bf846c5e85edea80a2f5365c4e138871f6bd11e8dc775c51bbe56b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
Filesize
512KB

MD5
da3fe99de5f8cb09cb4f03a361d9c825

SHA1
188e5ad0b7a2da67b14eb5ae6c7a776728bdae29

SHA256
b250b2b0ab920db9698ed223254ed9e662ca5f168059bf6eb3bf07e337453f5b

SHA512
ab07ed0b6fc711ff6115988af7190958daa0aa5c7f72285da74ac1687e5b7ff6f009d3cb48e76b33b5ca339163cf60c484d8c665bec7c156a76651124c494b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\booster.exe
Filesize
43KB

MD5
f08519331b54f872eb2b4843e28ca379

SHA1
ef12b99f1350f795a0a4b7c5e0cc717c9f029ac2

SHA256
3ac6a07b9f9a3147a01e2bbbdd1fa146a9d3cc8270012b474b4904ae85c466b8

SHA512
a101caf11255b3f83db2dfeddd4e3e84a1be5d4c31c8b89f373f87699559e7700341e03849bf723ec151df58ebfd3828c8c21aed363bc303685c39e76294ee6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\booster.exe
Filesize
43KB

MD5
f08519331b54f872eb2b4843e28ca379

SHA1
ef12b99f1350f795a0a4b7c5e0cc717c9f029ac2

SHA256
3ac6a07b9f9a3147a01e2bbbdd1fa146a9d3cc8270012b474b4904ae85c466b8

SHA512
a101caf11255b3f83db2dfeddd4e3e84a1be5d4c31c8b89f373f87699559e7700341e03849bf723ec151df58ebfd3828c8c21aed363bc303685c39e76294ee6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\getadmin.vbs
Filesize
133B

MD5
6b537d3cf7e455bab5f4ae38ff4a7fd8

SHA1
6ec7bfa55972ec66b6001196136c5ed5ff4b1280

SHA256
b6291fdc9d22d281246f3415b59399f6178e8f78823e35ff82f5624c85397c15

SHA512
e1dca68d2acaf0be631ea6ba1a5775daa8a6510783d27e51fcfbfdab3c9d049989edc11b21279ab890b79efccc4c210975face045084eb1417e9de81bfc63291

Download Submit
memory/852-186-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2980-234-0x0000000002E30000-0x0000000002E40000-memory.dmp

Filesize
64KB

Download
memory/2980-263-0x0000000002E30000-0x0000000002E40000-memory.dmp

Filesize
64KB

Download
memory/2980-262-0x0000000002E30000-0x0000000002E40000-memory.dmp

Filesize
64KB

Download
memory/2980-265-0x0000000002E30000-0x0000000002E40000-memory.dmp

Filesize
64KB

Download
memory/2980-264-0x0000000002E30000-0x0000000002E40000-memory.dmp

Filesize
64KB

Download
memory/2980-261-0x0000000002E30000-0x0000000002E40000-memory.dmp

Filesize
64KB

Download
memory/2980-260-0x0000000002E30000-0x0000000002E40000-memory.dmp

Filesize
64KB

Download
memory/2980-258-0x0000000002E30000-0x0000000002E40000-memory.dmp

Filesize
64KB

Download
memory/2980-233-0x0000000002E30000-0x0000000002E40000-memory.dmp

Filesize
64KB

Download
memory/2980-222-0x0000000002E30000-0x0000000002E40000-memory.dmp

Filesize
64KB

Download
memory/2980-224-0x0000000002E30000-0x0000000002E40000-memory.dmp

Filesize
64KB

Download
memory/2980-225-0x0000000002E30000-0x0000000002E40000-memory.dmp

Filesize
64KB

Download
memory/2980-223-0x0000000002E30000-0x0000000002E40000-memory.dmp

Filesize
64KB

Download
memory/4536-175-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download