baf77681223525bce1b7ff865cce029437da3f52baf917113813f9eb948cfe31

Analysis

max time kernel
392s
max time network
312s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 12:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bin.7z
Size

556KB
MD5

99626bf73b438a05718a960492c036e9
SHA1

cddbbb294c39b882937816bc15fb604efac39911
SHA256

baf77681223525bce1b7ff865cce029437da3f52baf917113813f9eb948cfe31
SHA512

e530c8f689769325bb9a003060cfedf3e43c10725933f640dbe5806c04bc286ab25f50574e9e763d9b12020918125257a801de2d00c555c9a68d3e8978543bd4
SSDEEP

12288:daiGGq9DjgP6wTkxAk+yZtbHPI8nLU86LCSxdORI+Mw/iv9/PGxe:kiGGYjgS9AuZ9HPI1eSPOi+Mw/iZZ

Score

10^/10

persistence ransomware spyware stealer

Malware Config

Extracted

Path

C:\Users\Public\Desktop\README_LOCKED.txt

Ransom Note

Greetings! There was a significant flaw in the security system of your company. You should be thankful that the flaw was exploited by serious people and not some rookies. They would have damaged all of your data by mistake or for fun. Your files are encrypted with the strongest military algorithms RSA4096 and AES-256. Without our special decoder it is impossible to restore the data. Attempts to restore your data with third party software as Photorec, RannohDecryptor etc. will lead to irreversible destruction of your data. To confirm our honest intentions. Send us 2-3 different random files and you will get them decrypted. It can be from different computers on your network to be sure that our decoder decrypts everything. Sample files we unlock for free (files should not be related to any kind of backups). We exclusively have decryption software for your situation DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME the encrypted files. DO NOT MOVE the encrypted files. This may lead to the impossibility of recovery of the certain files. The payment has to be made in Bitcoins. The final price depends on how fast you contact us. As soon as we receive the payment you will get the decryption tool and instructions on how to improve your systems security To get information on the price of the decoder contact us at: [email protected] [email protected]

Emails

[email protected]

Signatures

Renames multiple (13609) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Executes dropped EXE 64 IoCs

pid	Process
2944	encrypt-a6.exe
548	xccicqjw46.exe
2692	xccicqjw46.exe
2752	xccicqjw46.exe
2756	xccicqjw46.exe
2776	xccicqjw46.exe
2820	xccicqjw46.exe
2816	xccicqjw46.exe
2804	xccicqjw46.exe
2800	xccicqjw46.exe
1448	xccicqjw46.exe
772	xccicqjw46.exe
1636	xccicqjw46.exe
1420	xccicqjw46.exe
564	xccicqjw46.exe
2956	xccicqjw46.exe
1156	xccicqjw46.exe
2000	xccicqjw46.exe
1560	xccicqjw46.exe
1788	xccicqjw46.exe
2172	xccicqjw46.exe
1484	xccicqjw46.exe
1508	xccicqjw46.exe
2704	xccicqjw46.exe
1760	xccicqjw46.exe
2208	xccicqjw46.exe
2200	xccicqjw46.exe
2316	xccicqjw46.exe
1456	xccicqjw46.exe
1240	xccicqjw46.exe
2244	xccicqjw46.exe
2076	xccicqjw46.exe
276	xccicqjw46.exe
488	xccicqjw46.exe
1732	xccicqjw46.exe
1996	xccicqjw46.exe
1036	xccicqjw46.exe
2292	xccicqjw46.exe
2596	xccicqjw46.exe
1828	xccicqjw46.exe
2984	xccicqjw46.exe
352	xccicqjw46.exe
2872	xccicqjw46.exe
1604	xccicqjw46.exe
2840	xccicqjw46.exe
2436	xccicqjw46.exe
2940	xccicqjw46.exe
1552	xccicqjw46.exe
2456	xccicqjw46.exe
2996	xccicqjw46.exe
2744	xccicqjw46.exe
2704	xccicqjw46.exe
2944	xccicqjw46.exe
2032	xccicqjw46.exe
2856	xccicqjw46.exe
1940	xccicqjw46.exe
2416	xccicqjw46.exe
2788	xccicqjw46.exe
2220	xccicqjw46.exe
984	xccicqjw46.exe
1988	xccicqjw46.exe
3008	xccicqjw46.exe
1556	xccicqjw46.exe
1048	xccicqjw46.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops desktop.ini file(s) 54 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\Music\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	xccicqjw46.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	Process not Found
File opened for modification	C:\Users\Public\Videos\Sample Videos\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	xccicqjw46.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Public\Pictures\Sample Pictures\desktop.ini	xccicqjw46.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI	xccicqjw46.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Program Files\desktop.ini	Process not Found
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Public\Music\Sample Music\desktop.ini	xccicqjw46.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\desktop.ini	xccicqjw46.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	xccicqjw46.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	xccicqjw46.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini	xccicqjw46.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF	xccicqjw46.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll	xccicqjw46.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_es_plugin.dll	xccicqjw46.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Graph.exe.manifest	xccicqjw46.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\OliveGreen.css	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\Modern.dotx	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107192.WMF	xccicqjw46.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\picturePuzzle.js	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Adjacency.eftx	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Client.resources.dll	xccicqjw46.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html	xccicqjw46.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	xccicqjw46.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar	xccicqjw46.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml	xccicqjw46.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Currie	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\SNET.NET.XML	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15023_.GIF	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\People\COUGH.WAV	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BL00195_.WMF	xccicqjw46.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Amman	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\currency.js	xccicqjw46.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0214934.WMF	xccicqjw46.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png	Process not Found
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePage.gif	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\PASSWORD.JPG	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\PAWPRINT.HTM	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MLSHEXT.DLL	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSHY7ES.DLL	xccicqjw46.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar	Process not Found
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu	Process not Found
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\MyriadCAD.otf	xccicqjw46.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html	xccicqjw46.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll	xccicqjw46.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll	xccicqjw46.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll	xccicqjw46.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF	xccicqjw46.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima	xccicqjw46.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0233665.WMF	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14755_.GIF	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00145_.WMF	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\PS2SWOOS.POC	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_docked.png	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101859.BMP	xccicqjw46.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD00437_.WMF	xccicqjw46.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\corner.png	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0157995.WMF	xccicqjw46.exe
File opened for modification	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui	Process not Found
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_dot.png	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png	xccicqjw46.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\AXIS.INF	xccicqjw46.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
2940	Process not Found

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\NodeSlot = "4"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0000000001000000ffffffff	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\MRUListEx = 0100000000000000ffffffff	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0000000001000000ffffffff	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Applications\decrypt-a6.exe\shell\open\command\ = "\"C:\\Users\\Admin\\Desktop\\decrypt-a6.exe\" \"%1\""	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\1\0\0\0\MRUListEx = ffffffff	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Applications\7z.exe.locked\shell\open\command	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Applications\7z.exe.locked\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7z.exe.locked\" %1"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\1\MRUListEx = 00000000ffffffff	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\MRUListEx = ffffffff	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\1\0\0	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Applications\decrypt-a6.exe\shell\open	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\1\0\0\MRUListEx = 00000000ffffffff	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Applications\decrypt-a6.exe\shell\open\command	Process not Found

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2800	xccicqjw46.exe
2800	xccicqjw46.exe
2776	xccicqjw46.exe
2776	xccicqjw46.exe
2816	xccicqjw46.exe
2816	xccicqjw46.exe
2820	xccicqjw46.exe
2820	xccicqjw46.exe
1448	xccicqjw46.exe
1448	xccicqjw46.exe
2804	xccicqjw46.exe
2804	xccicqjw46.exe
2692	xccicqjw46.exe
2692	xccicqjw46.exe
2756	xccicqjw46.exe
2756	xccicqjw46.exe
2800	xccicqjw46.exe
2752	xccicqjw46.exe
2752	xccicqjw46.exe
2800	xccicqjw46.exe
2804	xccicqjw46.exe
2804	xccicqjw46.exe
2816	xccicqjw46.exe
2816	xccicqjw46.exe
2692	xccicqjw46.exe
2692	xccicqjw46.exe
1448	xccicqjw46.exe
1448	xccicqjw46.exe
2756	xccicqjw46.exe
2756	xccicqjw46.exe
2804	xccicqjw46.exe
2804	xccicqjw46.exe
2800	xccicqjw46.exe
2800	xccicqjw46.exe
2752	xccicqjw46.exe
2752	xccicqjw46.exe
2776	xccicqjw46.exe
2776	xccicqjw46.exe
2816	xccicqjw46.exe
2816	xccicqjw46.exe
2820	xccicqjw46.exe
2820	xccicqjw46.exe
2800	xccicqjw46.exe
2800	xccicqjw46.exe
2804	xccicqjw46.exe
2804	xccicqjw46.exe
2816	xccicqjw46.exe
2816	xccicqjw46.exe
2800	xccicqjw46.exe
2800	xccicqjw46.exe
2776	xccicqjw46.exe
2776	xccicqjw46.exe
1448	xccicqjw46.exe
1448	xccicqjw46.exe
2752	xccicqjw46.exe
2752	xccicqjw46.exe
2756	xccicqjw46.exe
2756	xccicqjw46.exe
2820	xccicqjw46.exe
2820	xccicqjw46.exe
2804	xccicqjw46.exe
2804	xccicqjw46.exe
2816	xccicqjw46.exe
2816	xccicqjw46.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
2560	7zFM.exe
1504	explorer.exe
2536	Process not Found
1404	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2560	7zFM.exe
Token: 35	2560	7zFM.exe
Token: SeSecurityPrivilege	2560	7zFM.exe
Token: SeSecurityPrivilege	2560	7zFM.exe
Token: SeDebugPrivilege	2944	encrypt-a6.exe
Token: SeBackupPrivilege	2944	encrypt-a6.exe
Token: SeRestorePrivilege	2944	encrypt-a6.exe
Token: SeLockMemoryPrivilege	2944	encrypt-a6.exe
Token: SeCreateGlobalPrivilege	2944	encrypt-a6.exe
Token: SeDebugPrivilege	548	xccicqjw46.exe
Token: SeBackupPrivilege	548	xccicqjw46.exe
Token: SeRestorePrivilege	548	xccicqjw46.exe
Token: SeLockMemoryPrivilege	548	xccicqjw46.exe
Token: SeCreateGlobalPrivilege	548	xccicqjw46.exe
Token: SeDebugPrivilege	2692	xccicqjw46.exe
Token: SeBackupPrivilege	2692	xccicqjw46.exe
Token: SeRestorePrivilege	2692	xccicqjw46.exe
Token: SeLockMemoryPrivilege	2692	xccicqjw46.exe
Token: SeCreateGlobalPrivilege	2692	xccicqjw46.exe
Token: SeDebugPrivilege	2804	xccicqjw46.exe
Token: SeDebugPrivilege	2756	xccicqjw46.exe
Token: SeDebugPrivilege	2800	xccicqjw46.exe
Token: SeDebugPrivilege	1448	xccicqjw46.exe
Token: SeBackupPrivilege	2804	xccicqjw46.exe
Token: SeBackupPrivilege	2756	xccicqjw46.exe
Token: SeBackupPrivilege	2800	xccicqjw46.exe
Token: SeBackupPrivilege	1448	xccicqjw46.exe
Token: SeRestorePrivilege	2804	xccicqjw46.exe
Token: SeRestorePrivilege	2756	xccicqjw46.exe
Token: SeRestorePrivilege	2800	xccicqjw46.exe
Token: SeRestorePrivilege	1448	xccicqjw46.exe
Token: SeLockMemoryPrivilege	2804	xccicqjw46.exe
Token: SeLockMemoryPrivilege	2756	xccicqjw46.exe
Token: SeLockMemoryPrivilege	2800	xccicqjw46.exe
Token: SeLockMemoryPrivilege	1448	xccicqjw46.exe
Token: SeCreateGlobalPrivilege	2804	xccicqjw46.exe
Token: SeCreateGlobalPrivilege	2756	xccicqjw46.exe
Token: SeCreateGlobalPrivilege	2800	xccicqjw46.exe
Token: SeCreateGlobalPrivilege	1448	xccicqjw46.exe
Token: SeDebugPrivilege	2820	xccicqjw46.exe
Token: SeBackupPrivilege	2820	xccicqjw46.exe
Token: SeRestorePrivilege	2820	xccicqjw46.exe
Token: SeLockMemoryPrivilege	2820	xccicqjw46.exe
Token: SeCreateGlobalPrivilege	2820	xccicqjw46.exe
Token: SeDebugPrivilege	2776	xccicqjw46.exe
Token: SeBackupPrivilege	2776	xccicqjw46.exe
Token: SeRestorePrivilege	2776	xccicqjw46.exe
Token: SeLockMemoryPrivilege	2776	xccicqjw46.exe
Token: SeCreateGlobalPrivilege	2776	xccicqjw46.exe
Token: SeDebugPrivilege	2816	xccicqjw46.exe
Token: SeBackupPrivilege	2816	xccicqjw46.exe
Token: SeRestorePrivilege	2816	xccicqjw46.exe
Token: SeLockMemoryPrivilege	2816	xccicqjw46.exe
Token: SeCreateGlobalPrivilege	2816	xccicqjw46.exe
Token: SeDebugPrivilege	2752	xccicqjw46.exe
Token: SeBackupPrivilege	2752	xccicqjw46.exe
Token: SeRestorePrivilege	2752	xccicqjw46.exe
Token: SeLockMemoryPrivilege	2752	xccicqjw46.exe
Token: SeCreateGlobalPrivilege	2752	xccicqjw46.exe
Token: SeDebugPrivilege	772	xccicqjw46.exe
Token: SeBackupPrivilege	772	xccicqjw46.exe
Token: SeRestorePrivilege	772	xccicqjw46.exe
Token: SeLockMemoryPrivilege	772	xccicqjw46.exe
Token: SeCreateGlobalPrivilege	772	xccicqjw46.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
2560	7zFM.exe
2560	7zFM.exe
2560	7zFM.exe
2560	7zFM.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
2560	7zFM.exe
1504	explorer.exe
1504	explorer.exe
2560	7zFM.exe
2560	7zFM.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
2560	7zFM.exe
2560	7zFM.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
1504	explorer.exe
2536	Process not Found
1404	Process not Found
1404	Process not Found
1404	Process not Found
1404	Process not Found
1404	Process not Found
1404	Process not Found
1404	Process not Found
1404	Process not Found
1404	Process not Found
1404	Process not Found
1504	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2560	2364	cmd.exe	29
PID 2364 wrote to memory of 2560	2364	cmd.exe	29
PID 2364 wrote to memory of 2560	2364	cmd.exe	29
PID 2944 wrote to memory of 2948	2944	encrypt-a6.exe	32
PID 2944 wrote to memory of 2948	2944	encrypt-a6.exe	32
PID 2944 wrote to memory of 2948	2944	encrypt-a6.exe	32
PID 2944 wrote to memory of 2948	2944	encrypt-a6.exe	32
PID 2944 wrote to memory of 548	2944	encrypt-a6.exe	34
PID 2944 wrote to memory of 548	2944	encrypt-a6.exe	34
PID 2944 wrote to memory of 548	2944	encrypt-a6.exe	34
PID 2944 wrote to memory of 548	2944	encrypt-a6.exe	34
PID 548 wrote to memory of 2692	548	xccicqjw46.exe	35
PID 548 wrote to memory of 2692	548	xccicqjw46.exe	35
PID 548 wrote to memory of 2692	548	xccicqjw46.exe	35
PID 548 wrote to memory of 2692	548	xccicqjw46.exe	35
PID 548 wrote to memory of 2752	548	xccicqjw46.exe	36
PID 548 wrote to memory of 2752	548	xccicqjw46.exe	36
PID 548 wrote to memory of 2752	548	xccicqjw46.exe	36
PID 548 wrote to memory of 2752	548	xccicqjw46.exe	36
PID 548 wrote to memory of 2756	548	xccicqjw46.exe	37
PID 548 wrote to memory of 2756	548	xccicqjw46.exe	37
PID 548 wrote to memory of 2756	548	xccicqjw46.exe	37
PID 548 wrote to memory of 2756	548	xccicqjw46.exe	37
PID 548 wrote to memory of 2776	548	xccicqjw46.exe	38
PID 548 wrote to memory of 2776	548	xccicqjw46.exe	38
PID 548 wrote to memory of 2776	548	xccicqjw46.exe	38
PID 548 wrote to memory of 2776	548	xccicqjw46.exe	38
PID 548 wrote to memory of 2804	548	xccicqjw46.exe	39
PID 548 wrote to memory of 2804	548	xccicqjw46.exe	39
PID 548 wrote to memory of 2804	548	xccicqjw46.exe	39
PID 548 wrote to memory of 2804	548	xccicqjw46.exe	39
PID 548 wrote to memory of 2820	548	xccicqjw46.exe	40
PID 548 wrote to memory of 2820	548	xccicqjw46.exe	40
PID 548 wrote to memory of 2820	548	xccicqjw46.exe	40
PID 548 wrote to memory of 2820	548	xccicqjw46.exe	40
PID 548 wrote to memory of 2800	548	xccicqjw46.exe	41
PID 548 wrote to memory of 2800	548	xccicqjw46.exe	41
PID 548 wrote to memory of 2800	548	xccicqjw46.exe	41
PID 548 wrote to memory of 2800	548	xccicqjw46.exe	41
PID 548 wrote to memory of 2816	548	xccicqjw46.exe	42
PID 548 wrote to memory of 2816	548	xccicqjw46.exe	42
PID 548 wrote to memory of 2816	548	xccicqjw46.exe	42
PID 548 wrote to memory of 2816	548	xccicqjw46.exe	42
PID 548 wrote to memory of 1448	548	xccicqjw46.exe	43
PID 548 wrote to memory of 1448	548	xccicqjw46.exe	43
PID 548 wrote to memory of 1448	548	xccicqjw46.exe	43
PID 548 wrote to memory of 1448	548	xccicqjw46.exe	43
PID 548 wrote to memory of 1636	548	xccicqjw46.exe	45
PID 548 wrote to memory of 1636	548	xccicqjw46.exe	45
PID 548 wrote to memory of 1636	548	xccicqjw46.exe	45
PID 548 wrote to memory of 1636	548	xccicqjw46.exe	45
PID 548 wrote to memory of 772	548	xccicqjw46.exe	46
PID 548 wrote to memory of 772	548	xccicqjw46.exe	46
PID 548 wrote to memory of 772	548	xccicqjw46.exe	46
PID 548 wrote to memory of 772	548	xccicqjw46.exe	46
PID 548 wrote to memory of 1420	548	xccicqjw46.exe	47
PID 548 wrote to memory of 1420	548	xccicqjw46.exe	47
PID 548 wrote to memory of 1420	548	xccicqjw46.exe	47
PID 548 wrote to memory of 1420	548	xccicqjw46.exe	47
PID 548 wrote to memory of 564	548	xccicqjw46.exe	48
PID 548 wrote to memory of 564	548	xccicqjw46.exe	48
PID 548 wrote to memory of 564	548	xccicqjw46.exe	48
PID 548 wrote to memory of 564	548	xccicqjw46.exe	48
PID 548 wrote to memory of 2956	548	xccicqjw46.exe	49

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\bin.7z
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\bin.7z"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2560

C:\Users\Admin\Desktop\encrypt-a6.exe
"C:\Users\Admin\Desktop\encrypt-a6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c move /y C:\Users\Admin\Desktop\encrypt-a6.exe C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
  2⤵
  PID:2948
- C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
  C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -m
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:548
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2692
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2752
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2756
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2776
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2804
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2820
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2800
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2816
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1448
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1636
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:772
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1420
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:564
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2956
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1156
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2000
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1560
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1788
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2172
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1484
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1508
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2704
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1760
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2200
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2208
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2316
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1456
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1240
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2244
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2076
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:488
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:276
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1732
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1996
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1036
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2292
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2596
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2984
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1828
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:352
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2872
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1604
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2840
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1552
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2436
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2456
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2940
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2996
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2744
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2704
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2944
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1940
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2032
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2416
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2856
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2788
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:2220
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:984
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1988
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:3008
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1048
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Executes dropped EXE
    PID:1556
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:488
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2284
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1656
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3028
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2564
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2644
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2232
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2476
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2884
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1136
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1268
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:840
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1504
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1116
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2968
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1976
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:1080
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:940
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:832
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:2752
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2808
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:500
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:864
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1624
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:632
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:2880
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1516
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2540
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:2592
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:2448
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2512
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:2468
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2888
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:2972
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:2636
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:2232
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:1876
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:1272
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:1484
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:2316
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:2800
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:1972
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:552
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:2036
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:328
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:944
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2552
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1036
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2624
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3012
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2652
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2580
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1636
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2184
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1892
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2284
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2796
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2292
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2720
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2888
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:876
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1216
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1124
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1908
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2432
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2200
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2192
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2788
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:884
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2992
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2336
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1664
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:968
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2176
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1460
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2328
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1264
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2496
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2532
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2352
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2516
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2812
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1240
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2704
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1628
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2636
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2796
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1980
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1272
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2724
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2736
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1048
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3004
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2552
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2480
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:948
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1044
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:888
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2164
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1360
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1256
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1804
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1728
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1000
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2968
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2952
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:752
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2592
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2416
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2204
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2672
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1196
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1812
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:876
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1964
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2596
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2932
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1984
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2028
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:488
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2400
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2476
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1052
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1464
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:336
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1268
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3020
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1412
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1940
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1804
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1776
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2180
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1000
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2432
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:328
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2520
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2796
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2904
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1928
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2008
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2268
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2916
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3028
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2624
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1732
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:300
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1360
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2992
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2328
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2400
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1896
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:988
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2692
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2312
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2180
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1696
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2768
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1080
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1624
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2416
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2412
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1196
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2872
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:756
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2512
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2884
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:864
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1112
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1116
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2420
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2524
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2896
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2824
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1240
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1804
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1724
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1720
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1996
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2864
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:796
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1752
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:352
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1948
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1216
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1556
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1636
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1264
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2924
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1944
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2932
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1464
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2872
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:324
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2108
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:452
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2104
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:988
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1244
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2400
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1700
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1444
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1884
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2840
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1812
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:884
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2696
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2184
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1948
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1504
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2552
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1976
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3028
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2064
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2988
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1168
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1112
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1548
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2640
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1744
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2028
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:320
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2824
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2352
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1780
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:988
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2176
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:824
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2960
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1484
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1236
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1592
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1876
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1964
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1884
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2804
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3040
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:840
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2708
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2192
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2152
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1976
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2468
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2908
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2928
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2580
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1924
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2572
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1996
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1696
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1788
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2552
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1288
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:688
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2496
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2176
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1604
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1620
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2476
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3032
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1612
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2292
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2744
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2952
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1256
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:488
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2724
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:840
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2168
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1280
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2868
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2056
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3012
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:884
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:968
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1376
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1048
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2624
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2136
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2064
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1888
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2840
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1132
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2856
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2112
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1992
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2960
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2176
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1880
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:844
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1336
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2928
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:840
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:864
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:796
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1824
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2268
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3012
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1192
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2820
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:652
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2992
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1964
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1276
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1416
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1788
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2064
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1688
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1704
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2956
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1684
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1920
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2400
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2352
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1880
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2432
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2036
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2168
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1636
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2164
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1724
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2052
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2520
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1268
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1040
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3056
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1476
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1216
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1612
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1908
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2756
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:276
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2952
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2720
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:668
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2180
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:2948
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2336
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1704
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1924
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1844
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1636
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1236
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3068
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2196
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1436
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1112
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2504
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2580
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:652
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2668
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1300
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2864
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1504
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2176
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1116
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1500
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1948
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3052
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1928
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:500
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1540
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2824
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:624
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2168
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2804
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2220
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1544
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2976
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2796
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1824
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2828
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:984
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3056
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2896
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2664
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1460
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1132
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1556
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:540
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1712
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:752
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1476
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2732
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:344
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:756
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1264
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2304
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:824
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1364
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2164
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2524
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1896
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1720
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2932
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1604
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1688
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:904
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2612
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2752
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1580
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1780
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2916
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2644
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2436
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2496
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3052
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:752
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2624
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2552
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2688
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1772
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2292
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2104
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2148
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2940
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:788
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1880
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1764
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1040
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1152
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1972
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3020
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2952
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1620
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2752
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1608
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1448
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2076
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2208
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1508
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2420
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2424
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2772
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:632
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2624
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2552
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1940
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:844
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2452
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1464
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2184
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:472
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1944
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1764
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2720
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2116
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1728
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2868
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1580
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:848
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2840
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1620
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2692
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1696
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1788
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2036
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1036
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1980
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:980
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2804
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2040
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:572
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2520
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1876
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1828
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:844
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1632
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2664
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:472
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2504
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2172
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1240
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1884
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:876
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2720
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2528
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1752
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:824
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2636
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1536
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1624
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1216
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1560
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1788
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:344
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:108
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2008
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2908
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2848
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2748
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1780
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1712
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2708
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2180
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2376
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1416
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2628
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1280
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2184
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2328
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1052
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:688
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2168
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:652
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2820
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:824
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1108
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1116
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:904
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1952
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2232
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:552
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1272
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1244
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2284
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2268
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3056
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2288
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1112
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2144
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:876
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1724
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2180
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1440
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2104
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2460
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:828
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1892
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1696
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:988
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:788
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2488
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1664
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1700
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2884
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1116
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2924
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2116
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2084
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2012
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2796
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3020
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1040
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1908
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:844
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2268
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1844
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2400
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2328
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1940
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2660
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2184
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2988
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1460
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1632
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1696
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2952
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1972
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2768
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1584
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2992
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2128
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:300
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2652
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:320
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2836
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1268
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2520
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2432
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2628
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2996
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1052
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2692
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1276
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1872
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:336
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1936
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    - Drops file in Program Files directory
    PID:2180
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1080
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2312
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2984
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1732
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2436
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1460
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3036
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:824
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1000
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1816
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3056
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1984
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1684
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1280
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2752
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:796
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2856
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2828
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1268
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1880
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1884
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1624
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1336
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2812
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2024
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1872
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2208
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:324
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2460
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2200
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1940
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1824
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2972
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2012
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1132
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2524
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:552
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1240
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:864
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2044
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2172
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2452
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:948
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1216
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2656
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1156
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1080
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2756
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1968
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1336
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1636
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2848
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2232
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:276
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1416
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1132
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:776
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1436
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1964
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1924
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1920
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2172
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1540
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2040
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2184
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2180
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1108
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2952
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2916
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:832
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:980
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:540
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1816
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3020
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2808
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1752
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2404
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2032
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1636
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2492
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2836
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2432
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2176
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1280
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:632
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1044
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2044
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1936
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2664
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2420
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1236
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1412
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1216
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1724
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2848
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2116
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:300
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1684
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1948
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2548
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1860
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1816
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2352
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1252
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2488
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1960
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:828
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1868
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2336
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:156
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2476
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:940
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2184
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1480
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1540
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2704
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1988
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2516
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2296
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1796
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1912
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2644
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2896
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1744
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1752
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1684
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1736
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3068
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1664
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2548
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2432
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1960
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:336
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1700
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1764
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1116
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1264
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1048
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1896
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1632
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2264
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1156
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2804
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1124
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1168
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3028
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1500
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1336
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2492
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2164
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2932
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3032
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2808
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2780
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2772
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2960
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:580
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:864
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1944
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2060
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1276
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1996
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2408
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1468
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2412
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1808
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:500
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2916
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1732
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2996
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1816
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:880
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2468
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2652
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1280
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2492
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2656
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:772
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:984
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2732
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2932
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:876
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:156
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2548
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2628
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1300
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2620
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1484
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2904
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2956
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1368
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:980
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1632
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1124
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2896
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2612
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3028
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2580
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:624
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2148
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2688
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:884
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1876
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2304
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1640
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2316
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1596
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1904
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2864
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2692
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2404
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1476
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2200
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1152
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2108
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1892
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2008
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1964
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:280
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2056
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1052
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1880
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1764
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2536
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1784
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1652
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1460
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1412
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2940
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1940
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3056
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2628
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2496
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1452
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:300
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:2488
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2176
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3048
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1844
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:880
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2636
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2996
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:572
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:1824
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:1724
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:2976
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1052
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1704
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2508
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1288
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1792
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2536
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1796
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1592
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3056
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2880
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2284
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:108
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2168
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2644
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1516
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1268
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:824
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1340
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:280
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2468
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1664
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1944
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1240
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2184
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops desktop.ini file(s)
    PID:1652
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1536
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2952
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1808
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1548
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2316
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1376
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1596
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3048
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1884
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2464
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:336
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:984
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2572
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1412
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1988
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2532
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1724
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:824
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2376
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2268
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2512
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2784
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2692
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2184
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2076
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1216
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1580
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2484
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1252
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2684
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1892
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2292
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1356
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2104
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2180
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2636
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2108
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:624
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1764
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:952
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:276
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1304
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2756
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1108
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2796
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1592
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2052
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2720
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1000
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2960
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1472
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1536
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1500
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1252
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1956
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2284
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1708
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1360
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:3052
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1444
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1524
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:1728
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2572
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2620
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1272
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2164
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2112
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:276
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2504
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    - Drops file in Program Files directory
    PID:2488
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2412
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2888
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:2788
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:1476
- - C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe
    C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe -i SM-xccicqjw -s
    3⤵
    PID:3032

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -Embedding
1⤵
PID:1456

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1504

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db

Filesize
24B

MD5
b623140136560adaf3786e262c01676f

SHA1
7143c103e1d52c99eeaa3b11beb9f02d2c50ca3d

SHA256
ee3e1212dbd47e058e30b119a92f853d3962558065fa3065ad5c1d47654c4140

SHA512
68528a7eb0efd59bed8e77edbee80ec654ec3b8f58a82b1c8ce594dcd3aba07af28268aa83f161837f63ff4278068238aa294e0b5649a688db5a483314df6700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db

Filesize
24B

MD5
ae08a2f7fbf44ad3cb6cbc529df8b1dd

SHA1
bb2665ee5cd1821d48cca1cb07cdfde9ed6081a6

SHA256
8429d5c6eb134eb64d8b0f3ecce83ab4d4d16e73c2d76993163372692b65ea8f

SHA512
4ba54d565403b82b8c293acc2da5a4c6bbbe5278ea9449720b18901f58a68c3e91c494d763a3de4f3c295bad5685156552c2979453a8765e0b994c28f378f089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

Filesize
24B

MD5
3e9c4eaba2c54dfe525197d54dc10532

SHA1
4b71d8970e657835ebceee5ec79faea2c1422fbe

SHA256
05da3daa836dc6ed72144dff35f8d90396b4d524dc35ef8d8cd01d86855be858

SHA512
d6c71d6d749ee3599216208ae7bb0dbb45153cec956c447756c826b06dee139df0903e18400cc73d143164a6e766e29ac7e6f6aed9b2f865b5bcf55caf2f5177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
3KB

MD5
d19d2dbcf116a4cb9f5fedbcad9c9f33

SHA1
2984d9a292290213a7598863bf9619d0915a7079

SHA256
723ffbee70bccf84084457b6c1374f9b484a6a7282f8b12fcb2805751ab0fe59

SHA512
d70f594d1a94a80c11d166f705e302793b767644e7db9b4b7eb4351c41a863b62d3579caac6a1287bfedcb9cf8287d3d0fa1c5958985c32d1cf0dd533dc26388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db

Filesize
24B

MD5
2034995f0bbaa16db835b462eb78152a

SHA1
ce19b1a236f95307067d4979f8dd96c70d69c18a

SHA256
62ce260f5e10fc17bf63faafa39912febf61d20fad51cc11606a295801743799

SHA512
3427f74d944eaaf5a3e1dd22dc566c718be58e4ceb53ba414c72bca974136cac2f1cd8d0a2a0377ce3918c3f83b2480fffbd9088be135fe0fe48c5a499fa6759

Download Submit
C:\Users\Admin\AppData\Local\Temp\xccicqjw46.exe.cmd

Filesize
121B

MD5
2dba75508544925e99c912e53ad76277

SHA1
7599c60c69a22c03e7737e29a50a0329b4cd49e5

SHA256
d2aab9af28dcba730bea12867ddf8500de65d58ae3c89daf6405294f674e2952

SHA512
12d01cd2dd42c326e574f26bae885b01f5ada4478ff2ea11084b9b136afff7553730dff59042805eddff5f74e8a143f7505d0ec8d517c1c3e581c84a263acff7

Download Submit
C:\Users\Admin\Desktop\decrypt-a6.exe

Filesize
949KB

MD5
4791410eb1f7791580d0b52ffe059d85

SHA1
965398fdf41237025165690ce05c45f234dd6482

SHA256
4c2a6d46e5e5963a213638c8db97223f7fc5407824af01c504096dd85e5ba8f6

SHA512
9d3fbdfecee773257f202b6393ec3682037a95e4e1b986830b6ed73ea93f4927c331a68572b60c7a4abc87cb8326b33255d371eb4efaf90e9cf2391abcce7efa

Download Submit
C:\Users\Admin\Desktop\encrypt-a6.exe

Filesize
1.2MB

MD5
5acd44e55624702c306d1a2428ae5c7e

SHA1
ec9be5a7aa495039a77f836551f2085a33dd8177

SHA256
d0f2d467a7b65203a0b9aa414ab53af72b7b66752bbd9efaf8c26c3bc9293a89

SHA512
1b617c4f4f31fb5c56e9a566a08491d5b41d1509b50cad0b2497fa092d56a14b092052c9322ea5640ffce9aad894dda77a6e6bcb11c26ccb269fbad87b5692a7

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
aeaa7f0b8a18657f4df8f3bc5f4cf219

SHA1
4e5b31c027ceca99ca964ec67d23a86f7b264b37

SHA256
2fb24f1c532c8cbb0c3a022ee5d8038e109626968cee48b03a6e5249bfbef50b

SHA512
8aec4655c4a71029f35cca3b7fa7ec027310400a6d890ac41612e5a70ed0fb6638b52410cc1dcb20cccd9a00a7f77dbe919b996b8df181b71a52963907235739

Download Submit
memory/1504-15101-0x0000000075310000-0x000000007532C000-memory.dmp

Filesize
112KB

Download
memory/1504-15110-0x000007FEF9CD0000-0x000007FEFA341000-memory.dmp

Filesize
6.4MB

Download
memory/1504-13638-0x000007FEF9CD0000-0x000007FEFA341000-memory.dmp

Filesize
6.4MB

Download
memory/1504-14732-0x000007FEF9840000-0x000007FEF9C4F000-memory.dmp

Filesize
4.1MB

Download
memory/1504-15062-0x0000000075310000-0x000000007532C000-memory.dmp

Filesize
112KB

Download
memory/1504-15098-0x000007FEF9CD0000-0x000007FEFA341000-memory.dmp

Filesize
6.4MB

Download
memory/1504-14731-0x000007FEF9CD0000-0x000007FEFA341000-memory.dmp

Filesize
6.4MB

Download
memory/2560-15058-0x0000000075020000-0x00000000751ED000-memory.dmp

Filesize
1.8MB

Download
memory/2560-15054-0x0000000000DB0000-0x0000000000E9E000-memory.dmp

Filesize
952KB

Download
memory/2560-11449-0x000007FEF8F50000-0x000007FEF97B4000-memory.dmp

Filesize
8.4MB

Download
memory/2560-11442-0x000007FEF9CD0000-0x000007FEFA341000-memory.dmp

Filesize
6.4MB

Download
memory/2744-4094-0x0000000077530000-0x000000007764F000-memory.dmp

Filesize
1.1MB

Download
memory/2744-4095-0x0000000077650000-0x000000007774A000-memory.dmp

Filesize
1000KB

Download
memory/2944-35-0x0000000000040000-0x0000000000175000-memory.dmp

Filesize
1.2MB

Download