Analysis
-
max time kernel
9s -
max time network
135s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
19-07-2024 17:35
Static task
static1
Behavioral task
behavioral1
Sample
CrackLauncher.exe
Resource
win10-20240404-en
General
-
Target
CrackLauncher.exe
-
Size
2.7MB
-
MD5
90094c2066f9e53cb9217876c833c269
-
SHA1
da9086b65e114257168e634cc921e1ab1c069144
-
SHA256
371427ad07be3f9c39773c3c0c4b95c86f63dc2e427835565b159f3686818bd0
-
SHA512
ef4a15be7efa9ac59c991c64c5afa5fb9e8015334f69e1c64315f788345c456fec5caf58605ccf08afaf16f1a2f7cc2fda1ffd85850d6c2ea268c63efc261aa8
-
SSDEEP
49152:+o0vjh94l17uf+lwSV64uaQ+AMqAXKM5VIZsTirMC6gOpkXF3eew0w2Gc2MAPRT0:+p87WSV69aQ+GW5CZsTirMjRkOow2H2U
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process 48 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
Processes:
schtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exedescription pid pid_target process target process Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6056 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 3444 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 4696 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 2252 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5480 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5072 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6176 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6316 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6352 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6440 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6536 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6580 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6624 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6696 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6792 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6896 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6956 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6976 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 7112 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 216 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5016 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5536 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6568 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6472 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6712 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6868 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 1624 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 4396 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6988 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6788 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 7120 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6440 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 1516 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6596 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6924 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 7144 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 1880 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 3996 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5536 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6972 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6556 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 7244 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 7316 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 7408 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 7520 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 7624 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 7692 5264 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 7736 5264 schtasks.exe -
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe dcrat behavioral1/memory/4980-174-0x0000000000950000-0x0000000000C12000-memory.dmp dcrat C:\bridgeServercomponentFontDriver\smss.exe dcrat -
Executes dropped EXE 64 IoCs
Processes:
CrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeíóòèïàõóé.exeCrackLauncher.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeíóòèïàõóé.exeCrackLauncher.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exepid process 3292 CrackLauncher.exe 3196 íóòèïàõóé.exe 1568 CrackLauncher.exe 2196 íóòèïàõóé.exe 4472 CrackLauncher.exe 652 íóòèïàõóé.exe 1476 CrackLauncher.exe 1992 íóòèïàõóé.exe 4356 CrackLauncher.exe 4612 íóòèïàõóé.exe 2004 CrackLauncher.exe 3600 íóòèïàõóé.exe 1084 CrackLauncher.exe 708 íóòèïàõóé.exe 4880 CrackLauncher.exe 3428 íóòèïàõóé.exe 4972 CrackLauncher.exe 1388 íóòèïàõóé.exe 2900 CrackLauncher.exe 4600 íóòèïàõóé.exe 2724 CrackLauncher.exe 4692 íóòèïàõóé.exe 4244 CrackLauncher.exe 2456 íóòèïàõóé.exe 192 CrackLauncher.exe 200 íóòèïàõóé.exe 2820 CrackLauncher.exe 4564 íóòèïàõóé.exe 168 CrackLauncher.exe 2044 íóòèïàõóé.exe 3960 íóòèïàõóé.exe 4980 CrackLauncher.exe 440 CrackLauncher.exe 4728 íóòèïàõóé.exe 3964 CrackLauncher.exe 5076 íóòèïàõóé.exe 3732 CrackLauncher.exe 3012 íóòèïàõóé.exe 2788 CrackLauncher.exe 3412 íóòèïàõóé.exe 3888 CrackLauncher.exe 2900 íóòèïàõóé.exe 8 CrackLauncher.exe 2672 íóòèïàõóé.exe 2456 CrackLauncher.exe 3624 íóòèïàõóé.exe 4472 CrackLauncher.exe 4572 íóòèïàõóé.exe 3768 CrackLauncher.exe 4380 íóòèïàõóé.exe 4608 CrackLauncher.exe 648 íóòèïàõóé.exe 880 íóòèïàõóé.exe 768 CrackLauncher.exe 1888 CrackLauncher.exe 1200 íóòèïàõóé.exe 764 CrackLauncher.exe 860 íóòèïàõóé.exe 512 CrackLauncher.exe 2900 íóòèïàõóé.exe 3068 CrackLauncher.exe 4444 íóòèïàõóé.exe 712 CrackLauncher.exe 4884 íóòèïàõóé.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 34 IoCs
Processes:
íóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings íóòèïàõóé.exe -
Scheduled Task/Job: Scheduled Task 1 TTPs 48 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
Processes:
schtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exepid process 6176 schtasks.exe 6316 schtasks.exe 6696 schtasks.exe 6792 schtasks.exe 6956 schtasks.exe 6976 schtasks.exe 6472 schtasks.exe 6440 schtasks.exe 5536 schtasks.exe 7520 schtasks.exe 5536 schtasks.exe 1880 schtasks.exe 6972 schtasks.exe 7244 schtasks.exe 6580 schtasks.exe 6788 schtasks.exe 7144 schtasks.exe 6896 schtasks.exe 7112 schtasks.exe 216 schtasks.exe 1624 schtasks.exe 4396 schtasks.exe 1516 schtasks.exe 7736 schtasks.exe 2252 schtasks.exe 5072 schtasks.exe 6440 schtasks.exe 6624 schtasks.exe 6556 schtasks.exe 7316 schtasks.exe 6056 schtasks.exe 3444 schtasks.exe 5480 schtasks.exe 6536 schtasks.exe 5016 schtasks.exe 6568 schtasks.exe 6868 schtasks.exe 6924 schtasks.exe 4696 schtasks.exe 6988 schtasks.exe 7408 schtasks.exe 6352 schtasks.exe 6712 schtasks.exe 7120 schtasks.exe 6596 schtasks.exe 3996 schtasks.exe 7624 schtasks.exe 7692 schtasks.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
CrackLauncher.exeCrackLauncher.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeíóòèïàõóé.exeCrackLauncher.exedescription pid process target process PID 2804 wrote to memory of 3292 2804 CrackLauncher.exe CrackLauncher.exe PID 2804 wrote to memory of 3292 2804 CrackLauncher.exe CrackLauncher.exe PID 2804 wrote to memory of 3292 2804 CrackLauncher.exe CrackLauncher.exe PID 2804 wrote to memory of 3196 2804 CrackLauncher.exe íóòèïàõóé.exe PID 2804 wrote to memory of 3196 2804 CrackLauncher.exe íóòèïàõóé.exe PID 2804 wrote to memory of 3196 2804 CrackLauncher.exe íóòèïàõóé.exe PID 3292 wrote to memory of 1568 3292 CrackLauncher.exe CrackLauncher.exe PID 3292 wrote to memory of 1568 3292 CrackLauncher.exe CrackLauncher.exe PID 3292 wrote to memory of 1568 3292 CrackLauncher.exe CrackLauncher.exe PID 3292 wrote to memory of 2196 3292 CrackLauncher.exe íóòèïàõóé.exe PID 3292 wrote to memory of 2196 3292 CrackLauncher.exe íóòèïàõóé.exe PID 3292 wrote to memory of 2196 3292 CrackLauncher.exe íóòèïàõóé.exe PID 1568 wrote to memory of 4472 1568 CrackLauncher.exe CrackLauncher.exe PID 1568 wrote to memory of 4472 1568 CrackLauncher.exe CrackLauncher.exe PID 1568 wrote to memory of 4472 1568 CrackLauncher.exe CrackLauncher.exe PID 1568 wrote to memory of 652 1568 CrackLauncher.exe íóòèïàõóé.exe PID 1568 wrote to memory of 652 1568 CrackLauncher.exe íóòèïàõóé.exe PID 1568 wrote to memory of 652 1568 CrackLauncher.exe íóòèïàõóé.exe PID 3196 wrote to memory of 1500 3196 íóòèïàõóé.exe WScript.exe PID 3196 wrote to memory of 1500 3196 íóòèïàõóé.exe WScript.exe PID 3196 wrote to memory of 1500 3196 íóòèïàõóé.exe WScript.exe PID 4472 wrote to memory of 1476 4472 CrackLauncher.exe CrackLauncher.exe PID 4472 wrote to memory of 1476 4472 CrackLauncher.exe CrackLauncher.exe PID 4472 wrote to memory of 1476 4472 CrackLauncher.exe CrackLauncher.exe PID 2196 wrote to memory of 1648 2196 íóòèïàõóé.exe WScript.exe PID 2196 wrote to memory of 1648 2196 íóòèïàõóé.exe WScript.exe PID 2196 wrote to memory of 1648 2196 íóòèïàõóé.exe WScript.exe PID 4472 wrote to memory of 1992 4472 CrackLauncher.exe WScript.exe PID 4472 wrote to memory of 1992 4472 CrackLauncher.exe WScript.exe PID 4472 wrote to memory of 1992 4472 CrackLauncher.exe WScript.exe PID 652 wrote to memory of 3460 652 íóòèïàõóé.exe WScript.exe PID 652 wrote to memory of 3460 652 íóòèïàõóé.exe WScript.exe PID 652 wrote to memory of 3460 652 íóòèïàõóé.exe WScript.exe PID 1476 wrote to memory of 4356 1476 CrackLauncher.exe WScript.exe PID 1476 wrote to memory of 4356 1476 CrackLauncher.exe WScript.exe PID 1476 wrote to memory of 4356 1476 CrackLauncher.exe WScript.exe PID 1476 wrote to memory of 4612 1476 CrackLauncher.exe MsHostsvc.exe PID 1476 wrote to memory of 4612 1476 CrackLauncher.exe MsHostsvc.exe PID 1476 wrote to memory of 4612 1476 CrackLauncher.exe MsHostsvc.exe PID 1992 wrote to memory of 1972 1992 íóòèïàõóé.exe CrackLauncher.exe PID 1992 wrote to memory of 1972 1992 íóòèïàõóé.exe CrackLauncher.exe PID 1992 wrote to memory of 1972 1992 íóòèïàõóé.exe CrackLauncher.exe PID 4356 wrote to memory of 2004 4356 CrackLauncher.exe CrackLauncher.exe PID 4356 wrote to memory of 2004 4356 CrackLauncher.exe CrackLauncher.exe PID 4356 wrote to memory of 2004 4356 CrackLauncher.exe CrackLauncher.exe PID 4356 wrote to memory of 3600 4356 CrackLauncher.exe íóòèïàõóé.exe PID 4356 wrote to memory of 3600 4356 CrackLauncher.exe íóòèïàõóé.exe PID 4356 wrote to memory of 3600 4356 CrackLauncher.exe íóòèïàõóé.exe PID 4612 wrote to memory of 4548 4612 íóòèïàõóé.exe Conhost.exe PID 4612 wrote to memory of 4548 4612 íóòèïàõóé.exe Conhost.exe PID 4612 wrote to memory of 4548 4612 íóòèïàõóé.exe Conhost.exe PID 2004 wrote to memory of 1084 2004 CrackLauncher.exe CrackLauncher.exe PID 2004 wrote to memory of 1084 2004 CrackLauncher.exe CrackLauncher.exe PID 2004 wrote to memory of 1084 2004 CrackLauncher.exe CrackLauncher.exe PID 2004 wrote to memory of 708 2004 CrackLauncher.exe íóòèïàõóé.exe PID 2004 wrote to memory of 708 2004 CrackLauncher.exe íóòèïàõóé.exe PID 2004 wrote to memory of 708 2004 CrackLauncher.exe íóòèïàõóé.exe PID 708 wrote to memory of 1192 708 íóòèïàõóé.exe MsHostsvc.exe PID 708 wrote to memory of 1192 708 íóòèïàõóé.exe MsHostsvc.exe PID 708 wrote to memory of 1192 708 íóòèïàõóé.exe MsHostsvc.exe PID 3600 wrote to memory of 2028 3600 íóòèïàõóé.exe WScript.exe PID 3600 wrote to memory of 2028 3600 íóòèïàõóé.exe WScript.exe PID 3600 wrote to memory of 2028 3600 íóòèïàõóé.exe WScript.exe PID 1084 wrote to memory of 4880 1084 CrackLauncher.exe íóòèïàõóé.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2804 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3292 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1568 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4472 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1476 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4356 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2004 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1084 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"9⤵
- Executes dropped EXE
PID:4880 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"10⤵
- Executes dropped EXE
PID:4972 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"11⤵
- Executes dropped EXE
PID:2900 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"12⤵
- Executes dropped EXE
PID:2724 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"13⤵
- Executes dropped EXE
PID:4244 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"14⤵
- Executes dropped EXE
PID:192 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"15⤵
- Executes dropped EXE
PID:2820 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"16⤵
- Executes dropped EXE
PID:168 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"17⤵
- Executes dropped EXE
PID:4980 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"18⤵
- Executes dropped EXE
PID:440 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"19⤵
- Executes dropped EXE
PID:3964 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"20⤵
- Executes dropped EXE
PID:3732 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"21⤵
- Executes dropped EXE
PID:2788 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"22⤵
- Executes dropped EXE
PID:3888 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"23⤵
- Executes dropped EXE
PID:8 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"24⤵
- Executes dropped EXE
PID:2456 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"25⤵
- Executes dropped EXE
PID:4472 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"26⤵
- Executes dropped EXE
PID:3768 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"27⤵
- Executes dropped EXE
PID:4608 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"28⤵
- Executes dropped EXE
PID:768 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"29⤵
- Executes dropped EXE
PID:1888 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"30⤵
- Executes dropped EXE
PID:764 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"31⤵
- Executes dropped EXE
PID:512 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"32⤵
- Executes dropped EXE
PID:3068 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"33⤵
- Executes dropped EXE
PID:712 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"34⤵PID:4956
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"35⤵PID:3008
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"36⤵PID:4228
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"37⤵PID:5008
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"38⤵PID:4684
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"39⤵PID:1084
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"40⤵PID:4224
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"41⤵PID:3012
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"42⤵PID:3556
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"43⤵PID:904
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"44⤵PID:712
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"45⤵PID:4224
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"46⤵PID:1708
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"47⤵PID:1148
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"48⤵PID:2120
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"49⤵PID:3100
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"50⤵PID:3008
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"51⤵PID:3820
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"52⤵PID:5412
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"53⤵PID:5644
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"54⤵PID:5964
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"55⤵PID:1972
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"56⤵PID:504
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"57⤵PID:5388
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"58⤵PID:6232
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"59⤵PID:6652
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"60⤵PID:6988
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"61⤵PID:5480
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"62⤵PID:3736
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"63⤵PID:6092
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"64⤵PID:6656
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"65⤵PID:6964
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"66⤵PID:7344
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"67⤵PID:7712
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"68⤵PID:8164
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"69⤵PID:4688
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"70⤵PID:1200
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"71⤵PID:5004
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"72⤵PID:7696
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"73⤵PID:7884
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"74⤵PID:1020
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"75⤵PID:2188
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"76⤵PID:8560
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"77⤵PID:8916
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"78⤵PID:9112
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"79⤵PID:5284
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"80⤵PID:2080
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"81⤵PID:5492
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"82⤵PID:9036
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"83⤵PID:8980
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"84⤵PID:8964
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"85⤵PID:5692
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"86⤵PID:5512
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"87⤵PID:3036
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"88⤵PID:6208
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"89⤵PID:5492
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"90⤵PID:5944
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"91⤵PID:9052
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"92⤵PID:9208
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"93⤵PID:5288
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"94⤵PID:5528
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"95⤵PID:8680
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"96⤵PID:6196
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"97⤵PID:5868
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"98⤵PID:6836
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"99⤵PID:5896
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"100⤵PID:4040
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"101⤵PID:1620
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"102⤵PID:6532
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"103⤵PID:8900
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"104⤵PID:5448
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"105⤵PID:6328
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"106⤵PID:5084
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"107⤵PID:6756
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"108⤵PID:6796
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"109⤵PID:6784
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"110⤵PID:8116
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"111⤵PID:7496
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"112⤵PID:5740
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"113⤵PID:6496
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"114⤵PID:7104
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"115⤵PID:7552
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"116⤵PID:7868
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"117⤵PID:8536
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"118⤵PID:3912
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"119⤵PID:8148
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"120⤵PID:1516
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"121⤵PID:2248
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"122⤵PID:6548
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"123⤵PID:7784
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"124⤵PID:6504
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"125⤵PID:6652
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"126⤵PID:7744
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"127⤵PID:7696
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"128⤵PID:5644
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"129⤵PID:7720
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"130⤵PID:5012
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"131⤵PID:6284
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"132⤵PID:5456
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"133⤵PID:5828
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"134⤵PID:6464
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"135⤵PID:8752
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"136⤵PID:5320
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"137⤵PID:8424
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"138⤵PID:7868
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"139⤵PID:8052
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"140⤵PID:7560
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"141⤵PID:5088
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"142⤵PID:7248
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"143⤵PID:6584
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"144⤵PID:6192
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"145⤵PID:6048
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"146⤵PID:6556
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"147⤵PID:3912
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"148⤵PID:5984
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"149⤵PID:2308
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"150⤵PID:3964
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"151⤵PID:8840
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"152⤵PID:6668
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"153⤵PID:5668
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"154⤵PID:8044
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"155⤵PID:1328
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"156⤵PID:6532
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"157⤵PID:5936
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"158⤵PID:5808
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"159⤵PID:7816
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"160⤵PID:3032
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"161⤵PID:7216
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"162⤵PID:9424
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"163⤵PID:10056
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"164⤵PID:9396
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"165⤵PID:3460
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"166⤵PID:5132
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"167⤵PID:3328
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"168⤵PID:1500
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"169⤵PID:7000
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"170⤵PID:8372
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"171⤵PID:6464
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"172⤵PID:7360
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"173⤵PID:5344
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"174⤵PID:8992
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"175⤵PID:712
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"176⤵PID:7348
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"177⤵PID:7704
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"178⤵PID:8544
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"179⤵PID:8708
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"180⤵PID:8684
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"181⤵PID:8972
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"182⤵PID:6364
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"183⤵PID:5344
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"184⤵PID:8992
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"185⤵PID:6644
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"186⤵PID:2800
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"187⤵PID:8596
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"188⤵PID:6444
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"189⤵PID:6056
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"190⤵PID:10132
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"191⤵PID:5652
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"192⤵PID:6708
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"193⤵PID:2904
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"194⤵PID:8760
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"195⤵PID:8992
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"196⤵PID:5644
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"197⤵PID:6608
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"198⤵PID:2800
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"199⤵PID:5160
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"200⤵PID:9056
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"201⤵PID:1992
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"202⤵PID:4860
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"203⤵PID:7024
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"204⤵PID:5016
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"205⤵PID:7220
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"206⤵PID:5684
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"207⤵PID:7816
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"208⤵PID:6660
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"209⤵PID:6124
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"210⤵PID:8632
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"211⤵PID:6712
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"212⤵PID:9396
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"213⤵PID:9596
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"214⤵PID:4608
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"215⤵PID:8916
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"214⤵PID:5384
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"213⤵PID:648
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"214⤵PID:7680
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"212⤵PID:4128
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"213⤵PID:6624
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"211⤵PID:6432
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"212⤵PID:8468
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"210⤵PID:5100
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"211⤵PID:6036
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"209⤵PID:7456
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"210⤵PID:7468
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"208⤵PID:3052
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"209⤵PID:7244
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"207⤵PID:7104
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"208⤵PID:5512
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"206⤵PID:7352
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"207⤵PID:5756
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"205⤵PID:6836
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"206⤵PID:7316
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"204⤵PID:6600
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"205⤵PID:6448
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"203⤵PID:7432
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"204⤵PID:8564
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"202⤵PID:7868
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"203⤵PID:6816
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"201⤵PID:6920
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"202⤵PID:4440
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"200⤵PID:8916
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"201⤵PID:7384
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"199⤵PID:8320
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"200⤵PID:5872
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"198⤵PID:6260
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"199⤵PID:8708
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"197⤵PID:9184
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"198⤵PID:5992
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"196⤵PID:8632
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"197⤵PID:3548
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"195⤵PID:7520
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"196⤵PID:6636
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"194⤵PID:1580
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"195⤵PID:8940
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"193⤵PID:828
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"194⤵PID:9168
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"192⤵PID:6248
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"193⤵PID:8052
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"191⤵PID:2028
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"192⤵PID:5740
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"190⤵PID:6980
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"191⤵PID:6892
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"189⤵PID:7100
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"190⤵PID:4984
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"188⤵PID:5028
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"189⤵PID:7628
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"187⤵PID:6944
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"188⤵PID:6228
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"186⤵PID:3768
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"187⤵PID:4956
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"185⤵PID:8892
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"186⤵PID:7852
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"184⤵PID:6528
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"185⤵PID:1332
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"183⤵PID:7712
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"184⤵PID:8868
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"182⤵PID:5012
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"183⤵PID:6192
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"181⤵PID:10212
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"182⤵PID:9048
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"180⤵PID:4984
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"181⤵PID:5432
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"179⤵PID:8412
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"180⤵PID:6904
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"178⤵PID:8576
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"179⤵PID:8816
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"177⤵PID:4784
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"178⤵PID:5772
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"176⤵PID:8348
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"177⤵PID:7748
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"175⤵PID:5700
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"176⤵PID:8336
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"174⤵PID:9076
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"175⤵PID:5280
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"173⤵PID:424
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"174⤵PID:6028
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"172⤵PID:7332
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"173⤵PID:5204
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"171⤵PID:7860
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"172⤵PID:9580
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"170⤵PID:6004
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"171⤵PID:2596
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"169⤵PID:6440
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"170⤵PID:5196
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"168⤵PID:9508
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"169⤵PID:5504
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"167⤵PID:7756
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"168⤵PID:6284
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"166⤵PID:8956
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"167⤵PID:4392
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "168⤵PID:7576
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"165⤵PID:8312
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"166⤵PID:3780
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "167⤵PID:5176
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"168⤵PID:9296
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"164⤵PID:9300
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"165⤵PID:7672
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "166⤵PID:7028
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"167⤵PID:6812
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"163⤵PID:10100
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"164⤵PID:6140
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "165⤵PID:7560
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"166⤵PID:9612
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"162⤵PID:9604
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"163⤵PID:10088
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "164⤵PID:7236
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"165⤵PID:5248
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"161⤵PID:7556
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"162⤵PID:9436
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "163⤵PID:6756
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"164⤵PID:8696
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"160⤵PID:8036
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"161⤵PID:4232
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "162⤵PID:8720
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"163⤵PID:5412
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"159⤵PID:5060
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"160⤵PID:1564
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "161⤵PID:7596
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"162⤵PID:7332
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"158⤵PID:8196
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"159⤵PID:7504
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "160⤵PID:9088
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"161⤵PID:4332
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"157⤵PID:6560
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"158⤵PID:7376
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "159⤵PID:5704
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"160⤵PID:8840
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"156⤵PID:7508
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"157⤵PID:6340
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "158⤵PID:6780
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"159⤵PID:8844
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"155⤵PID:5976
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"156⤵PID:5668
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "157⤵PID:6744
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"158⤵PID:8820
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"154⤵PID:7268
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"155⤵PID:6344
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "156⤵PID:10172
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"157⤵PID:8964
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"153⤵PID:5660
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"154⤵PID:7636
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "155⤵PID:6152
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"156⤵PID:7700
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"152⤵PID:5960
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"153⤵PID:3036
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "154⤵PID:2748
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"155⤵PID:5296
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"151⤵PID:7016
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"152⤵PID:2120
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "153⤵PID:6556
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"154⤵PID:7272
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"150⤵PID:7636
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"151⤵PID:4880
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "152⤵PID:5136
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"153⤵PID:6676
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"149⤵PID:2188
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"150⤵PID:6476
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "151⤵PID:8260
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"152⤵PID:3000
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"148⤵PID:3744
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"149⤵PID:5040
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "150⤵PID:5208
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"151⤵PID:8936
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"147⤵PID:8988
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"148⤵PID:5944
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "149⤵PID:3028
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"150⤵PID:8560
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"146⤵PID:5796
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"147⤵PID:8640
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "148⤵PID:5976
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"149⤵PID:4192
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"145⤵PID:2904
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"146⤵PID:5476
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "147⤵PID:7000
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"148⤵PID:2152
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"144⤵PID:5136
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"145⤵PID:8600
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "146⤵PID:3632
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1147⤵PID:4244
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"147⤵PID:1188
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"143⤵PID:8464
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"144⤵PID:8756
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "145⤵PID:8772
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"146⤵PID:700
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"142⤵PID:5408
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"143⤵PID:5320
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "144⤵PID:9996
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"145⤵PID:4428
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"141⤵PID:4244
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"142⤵PID:8420
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "143⤵PID:1148
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"144⤵PID:5244
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"140⤵PID:5740
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"141⤵PID:9044
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "142⤵PID:368
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"143⤵PID:9604
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"139⤵PID:6012
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"140⤵PID:7420
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "141⤵PID:10084
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"142⤵PID:7396
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"138⤵PID:2164
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"139⤵PID:3992
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "140⤵PID:4416
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"141⤵PID:3572
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"137⤵PID:8816
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"138⤵PID:6652
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "139⤵PID:7304
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"140⤵PID:6224
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"136⤵PID:8460
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"137⤵PID:7692
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "138⤵PID:9656
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"139⤵PID:5288
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"135⤵PID:8640
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"136⤵PID:8820
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "137⤵PID:9900
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"138⤵PID:9916
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"134⤵PID:8404
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"135⤵PID:7592
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "136⤵PID:5560
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1137⤵PID:4600
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"137⤵PID:6700
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"133⤵PID:5796
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"134⤵PID:5288
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "135⤵PID:9348
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"136⤵PID:8852
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"132⤵PID:8060
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"133⤵PID:8080
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "134⤵PID:10176
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"135⤵PID:7188
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"131⤵PID:5496
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"132⤵PID:6200
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "133⤵PID:10016
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"134⤵PID:7824
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"130⤵PID:4628
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"131⤵PID:6316
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "132⤵PID:9876
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"133⤵PID:6804
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"129⤵PID:4364
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"130⤵PID:1936
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "131⤵PID:9808
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"132⤵PID:10076
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"128⤵PID:4460
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"129⤵PID:5292
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "130⤵PID:9688
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"131⤵PID:9800
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"127⤵PID:6720
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"128⤵PID:7776
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "129⤵PID:9452
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"130⤵PID:9756
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"126⤵PID:4900
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"127⤵PID:4220
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "128⤵PID:9292
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"129⤵PID:9388
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"125⤵PID:6296
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"126⤵PID:776
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "127⤵PID:4196
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"128⤵PID:9444
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"124⤵PID:6140
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"125⤵PID:4128
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "126⤵PID:9136
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"127⤵PID:8168
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"123⤵PID:3632
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"124⤵PID:6868
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "125⤵PID:8148
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"126⤵PID:2456
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"122⤵PID:2016
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"123⤵PID:5556
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "124⤵PID:5316
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"125⤵PID:1624
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"121⤵PID:5900
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"122⤵PID:5076
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "123⤵PID:7644
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"124⤵PID:6992
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"120⤵PID:7304
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"121⤵PID:7072
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "122⤵PID:5172
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"123⤵PID:6092
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"119⤵PID:6284
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"120⤵PID:5536
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "121⤵PID:5896
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"122⤵PID:3952
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"118⤵PID:3900
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"119⤵PID:2252
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "120⤵PID:7132
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1121⤵PID:192
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"121⤵PID:7600
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"117⤵PID:7056
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"118⤵PID:7468
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "119⤵PID:7240
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"120⤵PID:8164
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"116⤵PID:7448
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"117⤵PID:7504
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "118⤵PID:2168
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"119⤵PID:8680
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"115⤵PID:8388
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"116⤵PID:7888
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "117⤵PID:1092
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"118⤵PID:7020
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"114⤵PID:5896
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"115⤵PID:7620
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "116⤵PID:6696
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"117⤵PID:5528
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"113⤵PID:9052
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"114⤵PID:7380
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "115⤵PID:8040
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"116⤵PID:4108
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"112⤵PID:7112
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"113⤵PID:2168
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "114⤵PID:7516
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"115⤵PID:1508
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"111⤵PID:8828
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"112⤵PID:1092
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "113⤵PID:5704
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"114⤵PID:8000
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"110⤵PID:6224
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"111⤵PID:7252
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "112⤵PID:5552
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"113⤵PID:904
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"109⤵PID:5644
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"110⤵PID:8016
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "111⤵PID:5724
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"112⤵PID:1476
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"108⤵PID:5320
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"109⤵PID:5640
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "110⤵PID:6744
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"111⤵PID:7136
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"107⤵PID:5288
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"108⤵PID:7436
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "109⤵PID:6120
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"110⤵PID:8272
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"106⤵PID:6464
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"107⤵PID:2460
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "108⤵PID:6956
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"109⤵PID:7220
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"105⤵PID:3464
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"106⤵PID:2268
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "107⤵PID:8884
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"108⤵PID:5888
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"104⤵PID:7200
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"105⤵PID:7140
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "106⤵PID:7048
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"107⤵PID:8996
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"103⤵PID:6016
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"104⤵PID:7240
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "105⤵PID:4972
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"106⤵PID:6276
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"102⤵PID:4200
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"103⤵PID:5520
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "104⤵PID:764
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"105⤵PID:6556
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"101⤵PID:6736
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"102⤵PID:8676
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "103⤵PID:5636
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"104⤵PID:6488
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"100⤵PID:7020
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"101⤵PID:6892
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "102⤵PID:6048
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"103⤵PID:5904
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"99⤵PID:6464
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"100⤵PID:5768
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "101⤵PID:2532
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"102⤵PID:7080
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"98⤵PID:6620
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"99⤵PID:6564
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "100⤵PID:6528
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"101⤵PID:9068
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"97⤵PID:8900
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"98⤵PID:6488
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "99⤵PID:7664
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"100⤵PID:2692
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"96⤵PID:1332
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"97⤵PID:1564
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "98⤵PID:6708
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"99⤵PID:7424
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"95⤵PID:8224
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"96⤵PID:5568
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "97⤵PID:8792
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"98⤵PID:5820
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"94⤵PID:5684
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"95⤵PID:3036
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "96⤵PID:6076
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"97⤵PID:7868
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"93⤵PID:6848
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"94⤵PID:7080
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "95⤵PID:8552
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"96⤵PID:8320
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"92⤵PID:5768
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"93⤵PID:6824
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "94⤵PID:8344
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"95⤵PID:9152
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"91⤵PID:9140
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"92⤵PID:6276
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "93⤵PID:9160
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"94⤵PID:768
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"90⤵PID:5028
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"91⤵PID:5820
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "92⤵PID:1388
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"93⤵PID:5140
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"89⤵PID:4200
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"90⤵PID:9000
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "91⤵PID:8848
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"92⤵PID:6352
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"88⤵PID:6204
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"89⤵PID:8596
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "90⤵PID:8696
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"91⤵PID:6596
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"87⤵PID:5968
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"88⤵PID:6228
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "89⤵PID:3620
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"90⤵PID:1192
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"86⤵PID:5572
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"87⤵PID:8216
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "88⤵PID:8300
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"89⤵PID:7928
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"85⤵PID:4880
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"86⤵PID:5836
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "87⤵PID:8352
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"88⤵PID:5732
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"84⤵PID:3932
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"85⤵PID:4912
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "86⤵PID:6196
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"87⤵PID:1492
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"83⤵PID:5780
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"84⤵PID:3964
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "85⤵PID:8252
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"86⤵PID:8244
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"82⤵PID:6120
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"83⤵PID:4328
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "84⤵PID:6284
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV185⤵PID:4712
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"85⤵PID:3572
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"81⤵PID:8724
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"82⤵PID:6048
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "83⤵PID:5564
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"84⤵PID:8240
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"80⤵PID:4956
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"81⤵PID:8844
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "82⤵PID:4392
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"83⤵PID:7112
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"79⤵PID:6104
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"80⤵PID:5472
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "81⤵PID:8020
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"82⤵PID:5812
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"78⤵PID:9132
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"79⤵PID:8372
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "80⤵PID:404
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"81⤵PID:5244
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"77⤵PID:8964
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"78⤵PID:8204
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "79⤵PID:7548
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"80⤵PID:7796
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"76⤵PID:8656
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"77⤵PID:8988
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "78⤵PID:8492
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"79⤵PID:8952
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"75⤵PID:4716
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"76⤵PID:8684
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "77⤵PID:8316
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"78⤵PID:8852
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"74⤵PID:4080
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"75⤵PID:8288
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "76⤵PID:4472
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"77⤵PID:8616
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"73⤵PID:7676
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"74⤵PID:1992
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "75⤵PID:7284
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"76⤵PID:7688
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"72⤵PID:7692
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"73⤵PID:7328
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "74⤵PID:8648
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"75⤵PID:8136
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"71⤵PID:216
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"72⤵PID:4980
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "73⤵PID:5232
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"74⤵PID:2960
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"70⤵PID:5052
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"71⤵PID:2692
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "72⤵PID:5480
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"73⤵PID:7176
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"69⤵PID:7812
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"70⤵PID:7760
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "71⤵PID:5024
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"72⤵PID:7392
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"68⤵PID:8184
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"69⤵PID:1624
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "70⤵PID:3972
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"71⤵PID:7984
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"67⤵PID:7800
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"68⤵PID:8176
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "69⤵PID:5684
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"70⤵PID:4104
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"66⤵PID:7400
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"67⤵PID:7900
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "68⤵PID:8120
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"69⤵PID:6320
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"65⤵PID:6816
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"66⤵PID:7352
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "67⤵PID:6608
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"68⤵PID:7956
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"64⤵PID:6708
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"65⤵PID:3756
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "66⤵PID:5016
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"67⤵PID:9204
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"63⤵PID:4920
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"64⤵PID:524
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "65⤵PID:4528
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"66⤵PID:4556
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"62⤵PID:6376
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"63⤵PID:6444
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "64⤵PID:5948
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"65⤵PID:6896
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"61⤵PID:1516
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"62⤵PID:504
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "63⤵PID:6928
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"64⤵PID:5528
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"60⤵PID:7060
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"61⤵PID:6340
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "62⤵PID:6388
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"63⤵PID:6336
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"59⤵PID:6772
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"60⤵PID:7124
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "61⤵PID:6528
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"62⤵PID:5072
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"58⤵PID:6336
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"59⤵PID:6668
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "60⤵PID:7664
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"61⤵PID:1752
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"57⤵PID:5024
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"58⤵PID:6388
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "59⤵PID:1376
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV160⤵PID:4548
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"60⤵PID:5592
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"56⤵PID:5720
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"57⤵PID:364
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "58⤵PID:5204
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"59⤵PID:6256
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"55⤵PID:2252
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"56⤵PID:6124
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "57⤵PID:5136
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"58⤵PID:5992
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"54⤵PID:6040
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"55⤵PID:5028
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "56⤵PID:9064
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"57⤵PID:6136
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"53⤵PID:5656
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"54⤵PID:5844
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "55⤵PID:6100
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"56⤵PID:8260
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"52⤵PID:5432
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"53⤵PID:5636
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "54⤵PID:9076
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"55⤵PID:396
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"51⤵PID:5204
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"52⤵PID:5488
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "53⤵PID:8880
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"54⤵PID:5852
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"50⤵PID:3736
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"51⤵PID:5132
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "52⤵PID:8544
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"53⤵PID:8696
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"49⤵PID:3964
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"50⤵PID:4572
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "51⤵PID:8272
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"52⤵PID:8436
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"48⤵PID:3444
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"49⤵PID:5088
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "50⤵PID:4228
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"51⤵PID:8316
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"47⤵PID:4884
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"48⤵PID:4480
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "49⤵PID:7828
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"50⤵PID:8424
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"46⤵PID:4912
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"47⤵PID:4956
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "48⤵PID:2600
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"49⤵PID:8236
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"45⤵PID:3932
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"46⤵PID:2456
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "47⤵PID:7692
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"48⤵PID:8392
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"44⤵PID:4564
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"45⤵PID:3548
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "46⤵PID:4428
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"47⤵PID:2788
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"43⤵PID:512
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"44⤵PID:4880
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "45⤵PID:5560
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"46⤵PID:7632
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"42⤵PID:3416
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"43⤵PID:1992
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "44⤵PID:5408
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV145⤵PID:4564
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"45⤵PID:4612
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"41⤵PID:376
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"42⤵PID:3724
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "43⤵PID:1864
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"44⤵PID:712
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"40⤵PID:700
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"41⤵PID:4032
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "42⤵PID:440
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"43⤵PID:4380
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"39⤵PID:2120
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"40⤵PID:880
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "41⤵PID:5292
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"42⤵PID:4516
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"38⤵PID:2804
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"39⤵PID:4220
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "40⤵PID:7488
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"41⤵PID:6056
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"37⤵PID:4928
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"38⤵PID:3068
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "39⤵PID:6472
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"40⤵PID:4036
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"36⤵PID:3932
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"37⤵PID:3040
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "38⤵PID:7980
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"39⤵PID:4584
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"35⤵
- Modifies registry class
PID:3000 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"36⤵PID:4996
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "37⤵PID:5776
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"38⤵PID:7624
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"34⤵
- Modifies registry class
PID:3952 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"35⤵PID:876
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "36⤵PID:2780
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"37⤵PID:3892
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"33⤵
- Executes dropped EXE
- Modifies registry class
PID:4884 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"34⤵PID:680
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "35⤵PID:4696
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"36⤵PID:6384
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"32⤵
- Executes dropped EXE
- Modifies registry class
PID:4444 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"33⤵PID:4356
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "34⤵PID:7752
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"35⤵PID:6876
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"31⤵
- Executes dropped EXE
- Modifies registry class
PID:2900 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"32⤵PID:2820
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "33⤵PID:7056
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"34⤵PID:8076
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"30⤵
- Executes dropped EXE
- Modifies registry class
PID:860 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"31⤵PID:3212
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "32⤵PID:7336
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"33⤵PID:7992
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"29⤵
- Executes dropped EXE
- Modifies registry class
PID:1200 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"30⤵PID:2564
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "31⤵PID:7292
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"32⤵PID:7376
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"28⤵
- Executes dropped EXE
- Modifies registry class
PID:880 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"29⤵PID:1812
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "30⤵PID:8004
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"31⤵PID:8096
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"27⤵
- Executes dropped EXE
- Modifies registry class
PID:648 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"28⤵PID:2140
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "29⤵PID:7788
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"30⤵PID:8016
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"26⤵
- Executes dropped EXE
- Modifies registry class
PID:4380 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"27⤵PID:4936
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "28⤵PID:7468
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"29⤵PID:7596
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"25⤵
- Executes dropped EXE
- Modifies registry class
PID:4572 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"26⤵PID:4992
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "27⤵PID:7432
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"28⤵PID:7572
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"24⤵
- Executes dropped EXE
- Modifies registry class
PID:3624 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"25⤵PID:4796
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "26⤵PID:220
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"27⤵PID:6828
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"23⤵
- Executes dropped EXE
- Modifies registry class
PID:2672 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"24⤵PID:3756
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "25⤵PID:5936
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"26⤵PID:3064
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"22⤵
- Executes dropped EXE
- Modifies registry class
PID:2900 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"23⤵PID:4712
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "24⤵PID:2784
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"25⤵PID:4500
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"21⤵
- Executes dropped EXE
- Modifies registry class
PID:3412 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"22⤵PID:4552
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "23⤵PID:6512
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"24⤵PID:6092
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"20⤵
- Executes dropped EXE
- Modifies registry class
PID:3012 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"21⤵PID:1580
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "22⤵PID:2268
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"23⤵PID:6464
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"19⤵
- Executes dropped EXE
- Modifies registry class
PID:5076 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"20⤵PID:4396
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "21⤵PID:6588
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"22⤵PID:6620
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"18⤵
- Executes dropped EXE
- Modifies registry class
PID:4728 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"19⤵PID:1100
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "20⤵PID:2196
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"21⤵PID:5808
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"17⤵
- Executes dropped EXE
- Modifies registry class
PID:3960 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"18⤵PID:5064
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "19⤵PID:6732
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"20⤵PID:6888
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"16⤵
- Executes dropped EXE
- Modifies registry class
PID:2044 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"17⤵PID:1948
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "18⤵PID:6632
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"19⤵PID:6820
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"15⤵
- Executes dropped EXE
- Modifies registry class
PID:4564 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"16⤵PID:4344
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "17⤵PID:5720
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"18⤵PID:6252
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"14⤵
- Executes dropped EXE
- Modifies registry class
PID:200 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"15⤵PID:4348
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "16⤵PID:4576
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"17⤵PID:6240
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"13⤵
- Executes dropped EXE
- Modifies registry class
PID:2456 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"14⤵PID:2572
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "15⤵PID:828
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"16⤵PID:5716
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"12⤵
- Executes dropped EXE
- Modifies registry class
PID:4692 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"13⤵PID:364
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "14⤵PID:4112
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"15⤵PID:1332
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"11⤵
- Executes dropped EXE
- Modifies registry class
PID:4600 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"12⤵PID:4752
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "13⤵PID:5800
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"14⤵PID:6116
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"10⤵
- Executes dropped EXE
- Modifies registry class
PID:1388 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"11⤵PID:4924
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "12⤵PID:4544
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"13⤵PID:5692
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"9⤵
- Executes dropped EXE
- Modifies registry class
PID:3428 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"10⤵PID:1752
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "11⤵PID:5376
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"12⤵PID:5856
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"8⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:708 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"9⤵PID:1192
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "10⤵PID:5972
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"11⤵PID:5400
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"7⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3600 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"8⤵PID:2028
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "9⤵PID:5948
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"10⤵PID:3780
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"6⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4612 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"7⤵PID:4548
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "8⤵PID:5548
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"9⤵PID:5904
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"5⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1992 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"6⤵PID:1972
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "7⤵PID:368
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"8⤵PID:5272
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:652 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"5⤵PID:3460
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "6⤵PID:4564
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"7⤵PID:5148
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2196 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"4⤵PID:1648
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "5⤵PID:4928
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"6⤵PID:4468
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3196 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"3⤵PID:1500
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "4⤵PID:4428
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"5⤵PID:4980
-
C:\Program Files (x86)\Windows NT\TableTextService\en-US\Idle.exe"C:\Program Files (x86)\Windows NT\TableTextService\en-US\Idle.exe"6⤵PID:7912
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 5 /tr "'C:\Windows\InputMethod\CHT\wscript.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6056
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscript" /sc ONLOGON /tr "'C:\Windows\InputMethod\CHT\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:3444
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 12 /tr "'C:\Windows\InputMethod\CHT\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:4696
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smsss" /sc MINUTE /mo 14 /tr "'C:\bridgeServercomponentFontDriver\smss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:2252
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\bridgeServercomponentFontDriver\smss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5480
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smsss" /sc MINUTE /mo 6 /tr "'C:\bridgeServercomponentFontDriver\smss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5072
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 7 /tr "'C:\Program Files\Google\Chrome\wscript.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6176
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscript" /sc ONLOGON /tr "'C:\Program Files\Google\Chrome\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6316
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 9 /tr "'C:\Program Files\Google\Chrome\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6352
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 11 /tr "'C:\Recovery\WindowsRE\wscript.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6440
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscript" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6536
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 11 /tr "'C:\Recovery\WindowsRE\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6580
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 7 /tr "'C:\Users\Default User\cmd.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6624
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Users\Default User\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6696
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6792
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 7 /tr "'C:\Users\Default\Downloads\System.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6896
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Users\Default\Downloads\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6956
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 6 /tr "'C:\Users\Default\Downloads\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6976
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows Portable Devices\conhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:7112
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:216
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 6 /tr "'C:\Program Files\Windows Portable Devices\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5016
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "íóòèïàõóéí" /sc MINUTE /mo 6 /tr "'C:\Users\Default User\íóòèïàõóé.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5536
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "íóòèïàõóé" /sc ONLOGON /tr "'C:\Users\Default User\íóòèïàõóé.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6568
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "íóòèïàõóéí" /sc MINUTE /mo 11 /tr "'C:\Users\Default User\íóòèïàõóé.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6472
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "íóòèïàõóéí" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\logs\íóòèïàõóé.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6712
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "íóòèïàõóé" /sc ONLOGON /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\logs\íóòèïàõóé.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6868
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "íóòèïàõóéí" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\logs\íóòèïàõóé.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1624
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 12 /tr "'C:\bridgeServercomponentFontDriver\wscript.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:4396
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscript" /sc ONLOGON /tr "'C:\bridgeServercomponentFontDriver\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6988
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 9 /tr "'C:\bridgeServercomponentFontDriver\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6788
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 7 /tr "'C:\bridgeServercomponentFontDriver\cmd.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:7120
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\bridgeServercomponentFontDriver\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6440
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 7 /tr "'C:\bridgeServercomponentFontDriver\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1516
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 6 /tr "'C:\Windows\Setup\State\wscript.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6596
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscript" /sc ONLOGON /tr "'C:\Windows\Setup\State\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6924
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 9 /tr "'C:\Windows\Setup\State\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:7144
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 6 /tr "'C:\Windows\bcastdvr\wscript.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1880
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscript" /sc ONLOGON /tr "'C:\Windows\bcastdvr\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:3996
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 12 /tr "'C:\Windows\bcastdvr\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5536
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Windows NT\TableTextService\en-US\Idle.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6972
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows NT\TableTextService\en-US\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6556
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Windows NT\TableTextService\en-US\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:7244
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 6 /tr "'C:\Users\Public\Music\cmd.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:7316
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Users\Public\Music\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:7408
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 5 /tr "'C:\Users\Public\Music\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:7520
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 10 /tr "'C:\Users\Default\NetHood\cmd.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:7624
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Users\Default\NetHood\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:7692
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 6 /tr "'C:\Users\Default\NetHood\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:7736
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.7MB
MD590094c2066f9e53cb9217876c833c269
SHA1da9086b65e114257168e634cc921e1ab1c069144
SHA256371427ad07be3f9c39773c3c0c4b95c86f63dc2e427835565b159f3686818bd0
SHA512ef4a15be7efa9ac59c991c64c5afa5fb9e8015334f69e1c64315f788345c456fec5caf58605ccf08afaf16f1a2f7cc2fda1ffd85850d6c2ea268c63efc261aa8
-
Filesize
3.0MB
MD5d80301cde99009a601e22c0f9cb3433a
SHA1d82a05a75f31ec11ced2f6c5e0b945510dbfcd5a
SHA256334e48543f8c2d0203135f7820116b676467ae1c1a3d6eabd8b17f96308e5574
SHA51202b744e15834b654b1d4772d8f2ddc26ca773a9139d9d12fec12c2749e09e69c904014c8464762a7bd97aa8413971193a8c386bb2bfecc14fc8aabd78383888b
-
Filesize
215B
MD5bd091f4d8a1df91d73b0c65a4ba02330
SHA1bef757dc154e1d4a0fc91f8ce1e4072c4c12d6df
SHA2567eeb92d6b5e2faca9ea5763051aac81b7851f4aefe76680ccb25a3aec7e05be2
SHA5120559ece912e8d3f061e615dd55ced1ddb75c743014b99f4589421c192a4aadf58c41c5b8d72cb96ac3b40f4326e7a7c5791691d557036fb3df2df8f78ff2a98c
-
Filesize
2.7MB
MD5a7a6c9f410573c8fbd408170eab6aa33
SHA199354c9e2c7fc978abd47e8d2ec1a403bcc5dfd6
SHA2569d5aaaf2551239a60ec1a383a3512be976cfaa866573e86687c59412ae167974
SHA512f3dbb349ed88f1d9b7c6d1e0ffc2fa12b3d2f68209eaf97ff8bf4344c5a87e39ba3588584df4b656acdcf1b1526415b0a06e921f405bc836792c9b55a794d6b5