Analysis
-
max time kernel
4s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system -
submitted
20-07-2024 17:07
Static task
static1
Behavioral task
behavioral1
Sample
CrackLauncher.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
CrackLauncher.exe
Resource
win10v2004-20240704-en
General
-
Target
CrackLauncher.exe
-
Size
2.7MB
-
MD5
90094c2066f9e53cb9217876c833c269
-
SHA1
da9086b65e114257168e634cc921e1ab1c069144
-
SHA256
371427ad07be3f9c39773c3c0c4b95c86f63dc2e427835565b159f3686818bd0
-
SHA512
ef4a15be7efa9ac59c991c64c5afa5fb9e8015334f69e1c64315f788345c456fec5caf58605ccf08afaf16f1a2f7cc2fda1ffd85850d6c2ea268c63efc261aa8
-
SSDEEP
49152:+o0vjh94l17uf+lwSV64uaQ+AMqAXKM5VIZsTirMC6gOpkXF3eew0w2Gc2MAPRT0:+p87WSV69aQ+GW5CZsTirMjRkOow2H2U
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process 36 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
Processes:
schtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exedescription pid pid_target process target process Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5948 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5972 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5124 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6004 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 2032 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5212 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5176 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5548 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5356 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5784 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5988 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 2456 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5212 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5364 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5256 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6028 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5592 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5888 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5212 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5696 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 220 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6112 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 2448 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 5780 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6212 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6276 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6396 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6460 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6552 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6648 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6804 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6904 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 6980 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 7036 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 1372 1988 schtasks.exe Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 4156 1988 schtasks.exe -
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe dcrat behavioral2/memory/4208-79-0x0000000000470000-0x0000000000732000-memory.dmp dcrat C:\Program Files (x86)\Windows Photo Viewer\ja-JP\smss.exe dcrat -
Checks computer location settings 2 TTPs 26 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
íóòèïàõóé.exeCrackLauncher.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeCrackLauncher.exeCrackLauncher.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeCrackLauncher.exeCrackLauncher.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation íóòèïàõóé.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation CrackLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation CrackLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation íóòèïàõóé.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation CrackLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation íóòèïàõóé.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation CrackLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation íóòèïàõóé.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation CrackLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation íóòèïàõóé.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation íóòèïàõóé.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation íóòèïàõóé.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation CrackLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation íóòèïàõóé.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation íóòèïàõóé.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation íóòèïàõóé.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation CrackLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation CrackLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation CrackLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation íóòèïàõóé.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation CrackLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation CrackLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation CrackLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation CrackLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation íóòèïàõóé.exe Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation CrackLauncher.exe -
Executes dropped EXE 26 IoCs
Processes:
CrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exepid process 3948 CrackLauncher.exe 2044 íóòèïàõóé.exe 2924 CrackLauncher.exe 2848 íóòèïàõóé.exe 3780 CrackLauncher.exe 1208 íóòèïàõóé.exe 5072 CrackLauncher.exe 4216 íóòèïàõóé.exe 3952 CrackLauncher.exe 4644 íóòèïàõóé.exe 4284 CrackLauncher.exe 2976 íóòèïàõóé.exe 4604 CrackLauncher.exe 4012 íóòèïàõóé.exe 1708 CrackLauncher.exe 2916 íóòèïàõóé.exe 4656 CrackLauncher.exe 3040 íóòèïàõóé.exe 3480 CrackLauncher.exe 4848 íóòèïàõóé.exe 2644 CrackLauncher.exe 2668 íóòèïàõóé.exe 1020 CrackLauncher.exe 1456 íóòèïàõóé.exe 3372 CrackLauncher.exe 4744 íóòèïàõóé.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 11 IoCs
Processes:
íóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exeíóòèïàõóé.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings íóòèïàõóé.exe Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings íóòèïàõóé.exe -
Scheduled Task/Job: Scheduled Task 1 TTPs 36 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
Processes:
schtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exepid process 5972 schtasks.exe 5364 schtasks.exe 5256 schtasks.exe 6276 schtasks.exe 6460 schtasks.exe 5212 schtasks.exe 5176 schtasks.exe 5356 schtasks.exe 6212 schtasks.exe 7036 schtasks.exe 5124 schtasks.exe 2032 schtasks.exe 6028 schtasks.exe 2448 schtasks.exe 5948 schtasks.exe 5548 schtasks.exe 5696 schtasks.exe 6112 schtasks.exe 6980 schtasks.exe 5988 schtasks.exe 4156 schtasks.exe 6648 schtasks.exe 6004 schtasks.exe 5888 schtasks.exe 5212 schtasks.exe 220 schtasks.exe 5780 schtasks.exe 6396 schtasks.exe 6552 schtasks.exe 6804 schtasks.exe 1372 schtasks.exe 5784 schtasks.exe 2456 schtasks.exe 5212 schtasks.exe 5592 schtasks.exe 6904 schtasks.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
CrackLauncher.exeCrackLauncher.exeCrackLauncher.exeíóòèïàõóé.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exeíóòèïàõóé.exeíóòèïàõóé.exeCrackLauncher.exeCrackLauncher.exeíóòèïàõóé.exeCrackLauncher.exedescription pid process target process PID 2936 wrote to memory of 3948 2936 CrackLauncher.exe CrackLauncher.exe PID 2936 wrote to memory of 3948 2936 CrackLauncher.exe CrackLauncher.exe PID 2936 wrote to memory of 3948 2936 CrackLauncher.exe CrackLauncher.exe PID 2936 wrote to memory of 2044 2936 CrackLauncher.exe íóòèïàõóé.exe PID 2936 wrote to memory of 2044 2936 CrackLauncher.exe íóòèïàõóé.exe PID 2936 wrote to memory of 2044 2936 CrackLauncher.exe íóòèïàõóé.exe PID 3948 wrote to memory of 2924 3948 CrackLauncher.exe CrackLauncher.exe PID 3948 wrote to memory of 2924 3948 CrackLauncher.exe CrackLauncher.exe PID 3948 wrote to memory of 2924 3948 CrackLauncher.exe CrackLauncher.exe PID 3948 wrote to memory of 2848 3948 CrackLauncher.exe íóòèïàõóé.exe PID 3948 wrote to memory of 2848 3948 CrackLauncher.exe íóòèïàõóé.exe PID 3948 wrote to memory of 2848 3948 CrackLauncher.exe íóòèïàõóé.exe PID 2924 wrote to memory of 3780 2924 CrackLauncher.exe CrackLauncher.exe PID 2924 wrote to memory of 3780 2924 CrackLauncher.exe CrackLauncher.exe PID 2924 wrote to memory of 3780 2924 CrackLauncher.exe CrackLauncher.exe PID 2044 wrote to memory of 2228 2044 íóòèïàõóé.exe WScript.exe PID 2044 wrote to memory of 2228 2044 íóòèïàõóé.exe WScript.exe PID 2044 wrote to memory of 2228 2044 íóòèïàõóé.exe WScript.exe PID 2924 wrote to memory of 1208 2924 CrackLauncher.exe WScript.exe PID 2924 wrote to memory of 1208 2924 CrackLauncher.exe WScript.exe PID 2924 wrote to memory of 1208 2924 CrackLauncher.exe WScript.exe PID 2848 wrote to memory of 2712 2848 íóòèïàõóé.exe Conhost.exe PID 2848 wrote to memory of 2712 2848 íóòèïàõóé.exe Conhost.exe PID 2848 wrote to memory of 2712 2848 íóòèïàõóé.exe Conhost.exe PID 3780 wrote to memory of 5072 3780 CrackLauncher.exe CrackLauncher.exe PID 3780 wrote to memory of 5072 3780 CrackLauncher.exe CrackLauncher.exe PID 3780 wrote to memory of 5072 3780 CrackLauncher.exe CrackLauncher.exe PID 3780 wrote to memory of 4216 3780 CrackLauncher.exe Conhost.exe PID 3780 wrote to memory of 4216 3780 CrackLauncher.exe Conhost.exe PID 3780 wrote to memory of 4216 3780 CrackLauncher.exe Conhost.exe PID 1208 wrote to memory of 2784 1208 íóòèïàõóé.exe PID 1208 wrote to memory of 2784 1208 íóòèïàõóé.exe PID 1208 wrote to memory of 2784 1208 íóòèïàõóé.exe PID 5072 wrote to memory of 3952 5072 CrackLauncher.exe PID 5072 wrote to memory of 3952 5072 CrackLauncher.exe PID 5072 wrote to memory of 3952 5072 CrackLauncher.exe PID 5072 wrote to memory of 4644 5072 CrackLauncher.exe WScript.exe PID 5072 wrote to memory of 4644 5072 CrackLauncher.exe WScript.exe PID 5072 wrote to memory of 4644 5072 CrackLauncher.exe WScript.exe PID 4216 wrote to memory of 2628 4216 íóòèïàõóé.exe WScript.exe PID 4216 wrote to memory of 2628 4216 íóòèïàõóé.exe WScript.exe PID 4216 wrote to memory of 2628 4216 íóòèïàõóé.exe WScript.exe PID 4644 wrote to memory of 1312 4644 íóòèïàõóé.exe PID 4644 wrote to memory of 1312 4644 íóòèïàõóé.exe PID 4644 wrote to memory of 1312 4644 íóòèïàõóé.exe PID 3952 wrote to memory of 4284 3952 CrackLauncher.exe PID 3952 wrote to memory of 4284 3952 CrackLauncher.exe PID 3952 wrote to memory of 4284 3952 CrackLauncher.exe PID 3952 wrote to memory of 2976 3952 CrackLauncher.exe cmd.exe PID 3952 wrote to memory of 2976 3952 CrackLauncher.exe cmd.exe PID 3952 wrote to memory of 2976 3952 CrackLauncher.exe cmd.exe PID 4284 wrote to memory of 4604 4284 CrackLauncher.exe CrackLauncher.exe PID 4284 wrote to memory of 4604 4284 CrackLauncher.exe CrackLauncher.exe PID 4284 wrote to memory of 4604 4284 CrackLauncher.exe CrackLauncher.exe PID 2976 wrote to memory of 1668 2976 íóòèïàõóé.exe WScript.exe PID 2976 wrote to memory of 1668 2976 íóòèïàõóé.exe WScript.exe PID 2976 wrote to memory of 1668 2976 íóòèïàõóé.exe WScript.exe PID 4284 wrote to memory of 4012 4284 CrackLauncher.exe íóòèïàõóé.exe PID 4284 wrote to memory of 4012 4284 CrackLauncher.exe íóòèïàõóé.exe PID 4284 wrote to memory of 4012 4284 CrackLauncher.exe íóòèïàõóé.exe PID 4604 wrote to memory of 1708 4604 CrackLauncher.exe CrackLauncher.exe PID 4604 wrote to memory of 1708 4604 CrackLauncher.exe CrackLauncher.exe PID 4604 wrote to memory of 1708 4604 CrackLauncher.exe CrackLauncher.exe PID 4604 wrote to memory of 2916 4604 CrackLauncher.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2936 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3948 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2924 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3780 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5072 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"6⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3952 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4284 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"8⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4604 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"9⤵
- Checks computer location settings
- Executes dropped EXE
PID:1708 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"10⤵
- Checks computer location settings
- Executes dropped EXE
PID:4656 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"11⤵
- Checks computer location settings
- Executes dropped EXE
PID:3480 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"12⤵
- Checks computer location settings
- Executes dropped EXE
PID:2644 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"13⤵
- Checks computer location settings
- Executes dropped EXE
PID:1020 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"14⤵
- Checks computer location settings
- Executes dropped EXE
PID:3372 -
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"15⤵PID:3796
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"16⤵PID:1132
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"17⤵PID:3020
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"18⤵PID:4468
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"19⤵PID:1008
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"20⤵PID:4108
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"21⤵PID:4848
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"22⤵PID:3740
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"23⤵PID:2096
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"24⤵PID:4436
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"25⤵PID:968
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"26⤵PID:4512
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"27⤵PID:1452
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"28⤵PID:1552
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"29⤵PID:4032
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"30⤵PID:3024
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"31⤵PID:4512
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"32⤵PID:3604
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"33⤵PID:4372
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"34⤵PID:5028
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"35⤵PID:4160
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"36⤵PID:4768
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"37⤵PID:2004
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"38⤵PID:3796
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"39⤵PID:1360
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"40⤵PID:5296
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"41⤵PID:5644
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"42⤵PID:5980
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"43⤵PID:5528
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"44⤵PID:6132
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"45⤵PID:4880
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"46⤵PID:4812
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"47⤵PID:3192
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"48⤵PID:6428
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"49⤵PID:6724
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"50⤵PID:6968
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"51⤵PID:5212
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"52⤵PID:6436
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"53⤵PID:404
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"54⤵PID:7000
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"55⤵PID:5212
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"56⤵PID:4288
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"57⤵PID:2288
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"58⤵PID:4828
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"59⤵PID:6672
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"60⤵PID:1344
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"61⤵PID:7304
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"62⤵PID:7540
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"63⤵PID:7732
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"64⤵PID:7908
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"65⤵PID:8156
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"66⤵PID:7464
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"67⤵PID:7840
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"68⤵PID:8092
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"69⤵PID:1240
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"70⤵PID:1552
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"71⤵PID:3292
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"72⤵PID:3960
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"73⤵PID:5412
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"74⤵PID:8072
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"75⤵PID:5432
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"76⤵PID:7840
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"77⤵PID:5280
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"78⤵PID:5448
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"79⤵PID:976
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"80⤵PID:6124
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"81⤵PID:6244
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"82⤵PID:5340
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"83⤵PID:2848
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"84⤵PID:3896
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"85⤵PID:6752
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"86⤵PID:7060
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"87⤵PID:6092
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"88⤵PID:6024
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"89⤵PID:6904
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"90⤵PID:7104
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"91⤵PID:7060
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"92⤵PID:3896
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"93⤵PID:2644
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"94⤵PID:5340
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"95⤵PID:6952
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"96⤵PID:6968
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"97⤵PID:6936
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"98⤵PID:7128
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"99⤵PID:7160
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"100⤵PID:6900
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"101⤵PID:7060
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"102⤵PID:6916
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"103⤵PID:7200
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"104⤵PID:7384
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"105⤵PID:3152
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"106⤵PID:6972
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"107⤵PID:7972
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"108⤵PID:7544
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"109⤵PID:3780
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"110⤵PID:4628
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"111⤵PID:5036
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"112⤵PID:1732
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"113⤵PID:8168
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"114⤵PID:4784
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"115⤵PID:4820
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"116⤵PID:6048
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"117⤵PID:2176
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"118⤵PID:5252
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"119⤵PID:396
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"120⤵PID:7456
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"121⤵PID:5500
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"122⤵PID:5872
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"123⤵PID:5348
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"124⤵PID:5872
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"125⤵PID:5992
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"126⤵PID:8488
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"127⤵PID:8748
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"128⤵PID:9120
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"129⤵PID:8
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"130⤵PID:6072
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"131⤵PID:6480
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"132⤵PID:6824
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"133⤵PID:6888
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"134⤵PID:3896
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"135⤵PID:7136
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"136⤵PID:4312
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"137⤵PID:6596
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"138⤵PID:7844
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"139⤵PID:6592
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"140⤵PID:7696
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"141⤵PID:7816
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"142⤵PID:3848
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"143⤵PID:8056
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"144⤵PID:7264
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"145⤵PID:7732
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"146⤵PID:7556
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"147⤵PID:7408
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"148⤵PID:7932
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"149⤵PID:7624
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"150⤵PID:7700
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"151⤵PID:5188
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"152⤵PID:6900
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"153⤵PID:1784
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"154⤵PID:7652
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"155⤵PID:4192
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"156⤵PID:5152
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"157⤵PID:5300
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"158⤵PID:6216
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"159⤵PID:5888
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"160⤵PID:2660
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"161⤵PID:4000
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"162⤵PID:5284
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"163⤵PID:732
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"164⤵PID:5700
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"165⤵PID:8720
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"166⤵PID:2896
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"167⤵PID:6192
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"168⤵PID:6912
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"169⤵PID:5528
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"170⤵PID:8484
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"171⤵PID:7104
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"172⤵PID:9052
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"173⤵PID:3908
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"174⤵PID:5588
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"175⤵PID:8500
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"176⤵PID:6524
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"177⤵PID:8608
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"178⤵PID:8896
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"179⤵PID:7012
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"180⤵PID:6624
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"181⤵PID:2644
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"182⤵PID:9108
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"183⤵PID:8900
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"184⤵PID:4468
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"185⤵PID:6400
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"186⤵PID:1940
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"187⤵PID:4740
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"188⤵PID:1820
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"189⤵PID:6876
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"190⤵PID:5444
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"191⤵PID:3468
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"192⤵PID:8240
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"193⤵PID:4536
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"194⤵PID:3512
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"195⤵PID:7964
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"196⤵PID:8584
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"197⤵PID:2160
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"198⤵PID:9124
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"199⤵PID:3840
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"200⤵PID:7940
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"201⤵PID:6612
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"202⤵PID:6312
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"203⤵PID:4408
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"204⤵PID:4536
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"205⤵PID:1948
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"206⤵PID:6196
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"207⤵PID:5788
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"208⤵PID:8740
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"209⤵PID:5288
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"210⤵PID:7908
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"211⤵PID:8476
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"212⤵PID:9032
-
C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"213⤵PID:6408
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"213⤵PID:5320
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"212⤵PID:8488
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"211⤵PID:7484
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"212⤵PID:5196
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"210⤵PID:8052
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"211⤵PID:3008
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"209⤵PID:3640
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"210⤵PID:1540
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"208⤵PID:5376
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"209⤵PID:8060
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"207⤵PID:7708
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"208⤵PID:5192
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"206⤵PID:6900
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"207⤵PID:5824
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"205⤵PID:8504
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"206⤵PID:1352
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"204⤵PID:1448
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"205⤵PID:9016
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"203⤵PID:4396
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"204⤵PID:5252
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"202⤵PID:556
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"203⤵PID:3672
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"201⤵PID:5160
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"202⤵PID:400
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"200⤵PID:7576
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"201⤵PID:3708
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"199⤵PID:3704
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"200⤵PID:7652
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"198⤵PID:5560
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"199⤵PID:7732
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"197⤵PID:7908
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"198⤵PID:648
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"196⤵PID:6704
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"197⤵PID:4512
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"195⤵PID:1548
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"196⤵PID:7632
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"194⤵PID:7500
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"195⤵PID:7160
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"193⤵PID:2148
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"194⤵PID:468
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"192⤵PID:6620
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"193⤵PID:5040
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"191⤵PID:7336
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"192⤵PID:7256
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"190⤵PID:6196
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"191⤵PID:4892
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"189⤵PID:6232
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"190⤵PID:8636
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"188⤵PID:5408
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"189⤵PID:644
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"187⤵PID:8980
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"188⤵PID:9108
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"186⤵PID:5092
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"187⤵PID:7600
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"185⤵PID:5592
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"186⤵PID:7824
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"184⤵PID:8652
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"185⤵PID:2244
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"183⤵PID:6672
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"184⤵PID:5396
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"182⤵PID:1704
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"183⤵PID:1412
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"181⤵PID:8500
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"182⤵PID:6568
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"180⤵PID:8240
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"181⤵PID:1096
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"179⤵PID:6308
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"180⤵PID:9044
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"178⤵PID:8988
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"179⤵PID:5740
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"177⤵PID:9012
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"178⤵PID:8472
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "179⤵PID:7748
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"176⤵PID:9168
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"177⤵PID:8760
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "178⤵PID:6796
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"175⤵PID:1912
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"176⤵PID:5808
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "177⤵PID:5348
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"174⤵PID:5524
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"175⤵PID:6444
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "176⤵PID:9144
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"177⤵PID:8872
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"173⤵PID:8948
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"174⤵PID:8676
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "175⤵PID:8284
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"176⤵PID:8212
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"172⤵PID:8544
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"173⤵PID:9088
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "174⤵PID:8340
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"175⤵PID:4428
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"171⤵PID:8356
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"172⤵PID:9076
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "173⤵PID:6068
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"174⤵PID:2148
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"170⤵PID:8480
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"171⤵PID:6384
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "172⤵PID:8332
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"173⤵PID:6836
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"169⤵PID:5156
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"170⤵PID:8476
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "171⤵PID:7184
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"172⤵PID:8924
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"168⤵PID:8288
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"169⤵PID:6276
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "170⤵PID:6896
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"171⤵PID:1344
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"167⤵PID:3584
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"168⤵PID:5848
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "169⤵PID:1996
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"170⤵PID:7356
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"166⤵PID:8236
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"167⤵PID:8308
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "168⤵PID:7336
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"169⤵PID:1784
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"165⤵PID:8876
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"166⤵PID:5200
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "167⤵PID:7840
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"168⤵PID:556
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"164⤵PID:7748
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"165⤵PID:8712
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "166⤵PID:3756
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"167⤵PID:7272
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"163⤵PID:5144
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"164⤵PID:5336
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "165⤵PID:5968
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"166⤵PID:5424
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"162⤵PID:8444
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"163⤵PID:3104
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "164⤵PID:2976
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"165⤵PID:6104
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"161⤵PID:2896
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"162⤵PID:8200
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "163⤵PID:848
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"164⤵PID:4928
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"160⤵PID:7688
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"161⤵PID:5824
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "162⤵PID:8296
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"163⤵PID:8700
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"159⤵PID:3104
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"160⤵PID:6128
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "161⤵PID:1728
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"162⤵PID:4440
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"158⤵PID:7700
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"159⤵PID:4824
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "160⤵PID:7568
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"161⤵PID:1240
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"157⤵PID:3024
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"158⤵PID:5272
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "159⤵PID:444
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"160⤵PID:7472
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"156⤵PID:4332
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"157⤵PID:6248
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "158⤵PID:3940
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"159⤵PID:5188
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"155⤵PID:7488
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"156⤵PID:7036
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "157⤵PID:7800
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"158⤵PID:4332
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"154⤵PID:4820
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"155⤵PID:8644
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "156⤵PID:6260
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"157⤵PID:2384
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"153⤵PID:2712
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"154⤵PID:8040
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "155⤵PID:4624
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"156⤵PID:1968
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"152⤵PID:6832
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"153⤵PID:7856
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "154⤵PID:6564
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"155⤵PID:6864
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"151⤵PID:6680
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"152⤵PID:6480
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "153⤵PID:5684
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"154⤵PID:8124
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"150⤵PID:4440
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"151⤵PID:2844
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "152⤵PID:7216
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"153⤵PID:3504
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"149⤵PID:2712
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"150⤵PID:7732
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "151⤵PID:7948
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"152⤵PID:8100
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"148⤵PID:8000
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"149⤵PID:5944
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "150⤵PID:7220
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"151⤵PID:7844
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"147⤵PID:7488
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"148⤵PID:7592
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "149⤵PID:2496
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"150⤵PID:2424
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"146⤵PID:8268
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"147⤵PID:7140
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "148⤵PID:7752
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"149⤵PID:7128
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"145⤵PID:8048
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"146⤵PID:5028
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "147⤵PID:7952
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"148⤵PID:4196
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"144⤵PID:6832
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"145⤵PID:3380
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "146⤵PID:4468
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"147⤵PID:6012
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"143⤵PID:6460
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"144⤵PID:4848
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "145⤵PID:7620
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"146⤵PID:3264
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"142⤵PID:6936
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"143⤵PID:8844
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "144⤵PID:6180
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"145⤵PID:3568
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"141⤵PID:7316
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"142⤵PID:7188
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "143⤵PID:4580
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"144⤵PID:1644
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"140⤵PID:8920
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"141⤵PID:9124
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "142⤵PID:9008
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"143⤵PID:6108
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"139⤵PID:1904
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"140⤵PID:748
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "141⤵PID:7096
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"142⤵PID:8224
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"138⤵PID:6772
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"139⤵PID:7916
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "140⤵PID:8528
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"141⤵PID:8668
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"137⤵PID:7112
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"138⤵PID:7896
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "139⤵PID:8664
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"140⤵PID:2540
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"136⤵PID:7700
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"137⤵PID:8792
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "138⤵PID:8608
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"139⤵PID:6764
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"135⤵PID:6516
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"136⤵PID:7116
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "137⤵PID:8888
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"138⤵PID:6808
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"134⤵PID:6324
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"135⤵PID:8780
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "136⤵PID:6712
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"137⤵PID:6356
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"133⤵PID:7516
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"134⤵PID:3040
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "135⤵PID:8808
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"136⤵PID:9156
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"132⤵PID:556
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"133⤵PID:1820
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "134⤵PID:5140
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"135⤵PID:8624
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"131⤵PID:6148
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"132⤵PID:6568
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "133⤵PID:8708
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"134⤵PID:8564
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"130⤵PID:8664
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"131⤵PID:5368
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "132⤵PID:8552
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"133⤵PID:7016
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"129⤵PID:2028
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"130⤵PID:5992
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "131⤵PID:3584
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"132⤵PID:6068
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"128⤵PID:9160
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"129⤵PID:5960
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "130⤵PID:8972
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"131⤵PID:8332
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"127⤵PID:8788
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"128⤵PID:6340
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "129⤵PID:8612
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"130⤵PID:5448
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"126⤵PID:8528
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"127⤵PID:8704
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "128⤵PID:6336
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"129⤵PID:5144
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"125⤵PID:8216
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"126⤵PID:8480
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "127⤵PID:1312
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"128⤵PID:8428
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"124⤵PID:5740
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"125⤵PID:6068
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "126⤵PID:8700
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"127⤵PID:5708
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"123⤵PID:5992
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"124⤵PID:232
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "125⤵PID:7232
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"126⤵PID:2928
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"122⤵PID:5588
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"123⤵PID:5156
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "124⤵PID:7432
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"125⤵PID:7700
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"121⤵PID:6096
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"122⤵PID:7068
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "123⤵PID:5292
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"124⤵PID:5344
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"120⤵PID:5204
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"121⤵PID:4304
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "122⤵PID:2416
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"123⤵PID:7656
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"119⤵PID:3796
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"120⤵PID:4080
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "121⤵PID:5920
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"122⤵PID:5036
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"118⤵PID:8168
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"119⤵PID:2744
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "120⤵PID:6680
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"121⤵PID:2384
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"117⤵PID:5848
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"118⤵PID:5864
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "119⤵PID:2032
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"120⤵PID:5428
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"116⤵PID:5288
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"117⤵PID:8008
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "118⤵PID:7640
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"119⤵PID:3924
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"115⤵PID:8152
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"116⤵PID:5708
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "117⤵PID:8124
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"118⤵PID:4368
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"114⤵PID:4420
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"115⤵PID:1408
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "116⤵PID:5868
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"117⤵PID:7872
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"113⤵PID:648
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"114⤵PID:7640
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "115⤵PID:5472
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"116⤵PID:6392
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"112⤵PID:4656
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"113⤵PID:6680
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "114⤵PID:544
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"115⤵PID:7756
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"111⤵PID:3708
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"112⤵PID:1948
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "113⤵PID:7948
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"114⤵PID:8016
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"110⤵PID:7732
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"111⤵PID:1584
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "112⤵PID:7940
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"113⤵PID:7588
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"109⤵PID:7192
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"110⤵PID:3788
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "111⤵PID:6160
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"112⤵PID:5056
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"108⤵PID:7788
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"109⤵PID:7332
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "110⤵PID:5128
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"111⤵PID:3264
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"107⤵PID:6680
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"108⤵PID:7712
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "109⤵PID:3240
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"110⤵PID:2872
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"106⤵PID:7996
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"107⤵PID:6392
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "108⤵PID:4156
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"109⤵PID:916
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"105⤵PID:7576
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"106⤵PID:400
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "107⤵PID:6952
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"108⤵PID:6868
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"104⤵PID:7964
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"105⤵PID:7616
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "106⤵PID:3020
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"107⤵PID:6636
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"103⤵PID:4892
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"104⤵PID:7572
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "105⤵PID:1132
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"106⤵PID:7064
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"102⤵PID:7336
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"103⤵PID:6456
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "104⤵PID:6580
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"105⤵PID:4200
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"101⤵PID:7316
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"102⤵PID:6860
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "103⤵PID:6532
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"104⤵PID:4468
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"100⤵PID:1504
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"101⤵PID:7276
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "102⤵PID:9136
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"103⤵PID:5392
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"99⤵PID:6800
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"100⤵PID:2456
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "101⤵PID:5444
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"102⤵PID:644
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"98⤵PID:5056
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"99⤵PID:5364
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "100⤵PID:1044
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"101⤵PID:2936
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"97⤵PID:7132
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"98⤵PID:4156
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "99⤵PID:6928
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"100⤵PID:6548
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"96⤵PID:6456
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"97⤵PID:6788
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "98⤵PID:5360
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"99⤵PID:8832
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"95⤵PID:6252
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"96⤵PID:5768
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "97⤵PID:6668
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"98⤵PID:6908
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"94⤵PID:7164
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"95⤵PID:6708
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "96⤵PID:2392
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"97⤵PID:1516
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"93⤵PID:6936
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"94⤵PID:6908
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "95⤵PID:6448
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"96⤵PID:9160
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"92⤵PID:6248
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"93⤵PID:7040
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "94⤵PID:8604
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"95⤵PID:6500
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"91⤵PID:5640
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"92⤵PID:5520
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "93⤵PID:8368
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"94⤵PID:7072
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"90⤵PID:7132
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"91⤵PID:5468
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "92⤵PID:4188
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"93⤵PID:5324
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"89⤵PID:6976
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"90⤵PID:6496
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "91⤵PID:9144
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"92⤵PID:6716
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"88⤵PID:4772
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"89⤵PID:6876
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "90⤵PID:8964
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"91⤵PID:5884
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"87⤵PID:6624
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"88⤵PID:2228
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "89⤵PID:8724
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"90⤵PID:6384
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"86⤵PID:6476
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"87⤵PID:5540
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "88⤵PID:8496
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"89⤵PID:9180
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"85⤵PID:7024
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"86⤵PID:5256
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "87⤵PID:8308
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"88⤵PID:8684
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"84⤵PID:5396
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"85⤵PID:6412
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "86⤵PID:8204
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"87⤵PID:8696
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"83⤵PID:5568
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"84⤵PID:6052
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "85⤵PID:3684
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"86⤵PID:8836
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"82⤵PID:3680
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"83⤵PID:5564
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "84⤵PID:5812
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"85⤵PID:9012
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"81⤵PID:2784
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"82⤵PID:4184
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "83⤵PID:6096
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"84⤵PID:5772
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"80⤵PID:5804
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"81⤵PID:5788
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "82⤵PID:6120
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"83⤵PID:8260
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"79⤵PID:5540
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"80⤵PID:232
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "81⤵PID:4960
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"82⤵PID:3492
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"78⤵PID:6076
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"79⤵PID:8116
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "80⤵PID:5984
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"81⤵PID:6264
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"77⤵PID:5824
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"78⤵PID:2156
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "79⤵PID:5344
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"80⤵PID:2660
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"76⤵PID:5224
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"77⤵PID:4484
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "78⤵PID:5888
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"79⤵PID:1200
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"75⤵PID:5372
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"76⤵PID:6140
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "77⤵PID:3780
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"78⤵PID:5300
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"74⤵PID:5312
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"75⤵PID:2876
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "76⤵PID:5132
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"77⤵PID:2984
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"73⤵PID:5844
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"74⤵PID:5952
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "75⤵PID:8128
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"76⤵PID:4008
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"72⤵PID:5400
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"73⤵PID:5384
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "74⤵PID:5236
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"75⤵PID:8152
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"71⤵PID:3024
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"72⤵PID:1240
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "73⤵PID:5800
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"74⤵PID:5452
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"70⤵PID:4928
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"71⤵PID:5168
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "72⤵PID:8088
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"73⤵PID:5736
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"69⤵PID:5504
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"70⤵PID:1208
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "71⤵PID:4368
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"72⤵PID:5856
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"68⤵PID:1732
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"69⤵PID:4396
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "70⤵PID:8104
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"71⤵PID:5028
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"67⤵PID:4784
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"68⤵PID:7988
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "69⤵PID:4440
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"70⤵PID:8048
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"66⤵PID:7444
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"67⤵PID:7920
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "68⤵PID:3944
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"69⤵PID:7716
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"65⤵PID:2396
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"66⤵PID:4932
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "67⤵PID:3152
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"68⤵PID:7200
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"64⤵PID:7988
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"65⤵PID:4720
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "66⤵PID:7300
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"67⤵PID:1968
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"63⤵PID:7760
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"64⤵PID:8148
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "65⤵PID:2888
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"66⤵PID:4720
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"62⤵PID:7592
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"63⤵PID:7780
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "64⤵PID:8076
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"65⤵PID:8184
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"61⤵PID:7348
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"62⤵PID:7548
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "63⤵PID:5900
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"64⤵PID:5592
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"60⤵PID:2500
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"61⤵PID:7296
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "62⤵PID:4848
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"63⤵PID:6988
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"59⤵PID:3572
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"60⤵PID:1904
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "61⤵PID:6884
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"62⤵PID:7700
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"58⤵PID:2776
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"59⤵PID:4468
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "60⤵PID:7284
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV161⤵PID:4744
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"61⤵PID:2964
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"57⤵PID:5580
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"58⤵PID:5212
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "59⤵PID:6196
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"60⤵PID:6960
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"56⤵PID:6180
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"57⤵PID:6012
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "58⤵PID:6476
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"59⤵PID:7368
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"55⤵PID:3944
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"56⤵PID:2912
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "57⤵PID:3040
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"58⤵PID:6240
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"54⤵PID:4800
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"55⤵PID:2424
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "56⤵PID:6748
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"57⤵PID:1604
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"53⤵PID:6844
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"54⤵PID:7088
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "55⤵PID:6728
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"56⤵PID:7148
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"52⤵PID:1528
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"53⤵PID:6860
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "54⤵PID:100
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"55⤵PID:7104
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"51⤵PID:6216
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"52⤵PID:6520
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "53⤵PID:6652
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"54⤵PID:3372
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"50⤵PID:7048
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"51⤵PID:5416
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "52⤵PID:6480
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"53⤵PID:6508
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"49⤵PID:6772
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"50⤵PID:7008
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "51⤵PID:6440
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"52⤵PID:5936
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"48⤵PID:6516
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"49⤵PID:6744
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "50⤵PID:6220
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"51⤵PID:6536
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"47⤵PID:5808
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"48⤵PID:6508
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "49⤵PID:6236
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"50⤵PID:2036
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"46⤵PID:5880
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"47⤵PID:6168
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "48⤵PID:6068
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"49⤵PID:1592
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"45⤵PID:5808
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"46⤵PID:5768
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "47⤵PID:4776
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"48⤵PID:996
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"44⤵PID:5408
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"45⤵PID:2660
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "46⤵PID:5336
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"47⤵PID:5608
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"43⤵PID:5576
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"44⤵PID:4644
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "45⤵PID:5428
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"46⤵PID:8020
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"42⤵PID:6088
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"43⤵PID:5568
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "44⤵PID:1008
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"45⤵PID:5136
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"41⤵PID:5696
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"42⤵PID:6048
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "43⤵PID:3592
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"44⤵PID:5800
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"40⤵PID:5352
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"41⤵PID:5688
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "42⤵PID:8028
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"43⤵PID:4784
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"39⤵PID:5136
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"40⤵PID:5344
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "41⤵PID:2188
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"42⤵PID:5476
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"38⤵PID:2228
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"39⤵PID:5128
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "40⤵PID:860
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"41⤵PID:1520
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"37⤵PID:3380
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"38⤵PID:2784
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "39⤵PID:7748
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"40⤵PID:8092
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"36⤵PID:1820
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"37⤵PID:1520
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "38⤵PID:6216
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"39⤵PID:4668
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"35⤵PID:4824
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"36⤵PID:1724
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "37⤵PID:7732
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"38⤵PID:8156
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"34⤵PID:2400
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"35⤵PID:3600
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "36⤵PID:2668
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"37⤵PID:7972
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"33⤵PID:1552
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"34⤵PID:4440
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "35⤵PID:2484
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"36⤵PID:7000
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"32⤵PID:1788
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"33⤵PID:444
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "34⤵PID:1644
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"35⤵PID:3204
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"31⤵PID:3952
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"32⤵PID:2896
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "33⤵PID:8120
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"34⤵PID:7636
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"30⤵PID:3264
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"31⤵PID:3412
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "32⤵PID:7724
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"33⤵PID:8172
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"29⤵PID:4524
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"30⤵PID:1468
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "31⤵PID:7560
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"32⤵PID:7860
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"28⤵PID:2056
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"29⤵PID:212
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "30⤵PID:7220
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"31⤵PID:7844
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"27⤵PID:312
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"28⤵PID:4848
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "29⤵PID:6212
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"30⤵PID:7256
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"26⤵PID:3336
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"27⤵PID:1344
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "28⤵PID:6684
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"29⤵PID:7284
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"25⤵PID:4644
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"26⤵PID:4084
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "27⤵PID:5408
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"28⤵PID:5668
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"24⤵PID:2888
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"25⤵PID:4220
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "26⤵PID:4020
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"27⤵PID:6036
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"23⤵PID:5092
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"24⤵PID:5036
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "25⤵PID:4312
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"26⤵PID:7136
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"22⤵PID:3840
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"23⤵PID:2872
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "24⤵PID:6968
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"25⤵PID:4540
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"21⤵PID:3532
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"22⤵PID:3708
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "23⤵PID:6880
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"24⤵PID:6248
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"20⤵PID:2416
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"21⤵PID:4800
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "22⤵PID:6280
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"23⤵PID:6912
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"19⤵PID:5040
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"20⤵PID:3908
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "21⤵PID:7104
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"22⤵PID:6568
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"18⤵PID:3320
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"19⤵PID:1904
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "20⤵PID:6760
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"21⤵PID:5124
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"17⤵PID:1360
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"18⤵PID:1972
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "19⤵PID:6540
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"20⤵PID:7016
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"16⤵PID:968
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"17⤵PID:4204
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "18⤵PID:5436
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV119⤵PID:4216
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"19⤵PID:6732
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"15⤵PID:4984
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"16⤵PID:2756
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "17⤵PID:5888
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"18⤵PID:2296
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"14⤵
- Executes dropped EXE
PID:4744 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"15⤵PID:2296
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "16⤵PID:4580
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"17⤵PID:6284
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"13⤵
- Checks computer location settings
- Executes dropped EXE
PID:1456 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"14⤵PID:2620
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "15⤵PID:5700
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"16⤵PID:5192
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"12⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
PID:2668 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"13⤵PID:3692
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "14⤵PID:5956
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"15⤵PID:1200
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"11⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
PID:4848 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"12⤵PID:4004
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "13⤵PID:5396
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"14⤵PID:5556
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"10⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
PID:3040 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"11⤵PID:4332
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "12⤵PID:2228
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"13⤵PID:5340
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"9⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
PID:2916 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"10⤵PID:4000
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "11⤵PID:6068
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"12⤵PID:4008
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"8⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
PID:4012 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"9⤵PID:1212
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "10⤵PID:5992
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"11⤵PID:5468
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"7⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2976 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"8⤵PID:1668
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "9⤵PID:5372
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"10⤵PID:5280
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"6⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4644 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"7⤵PID:1312
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "8⤵PID:1008
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"9⤵PID:1860
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4216 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"6⤵PID:2628
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "7⤵PID:3532
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"8⤵PID:5452
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1208 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"5⤵PID:2784
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "6⤵PID:4512
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV17⤵PID:2712
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"7⤵PID:5840
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2848 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"4⤵PID:2712
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "5⤵PID:3040
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"6⤵PID:4208
-
C:\Recovery\WindowsRE\RuntimeBroker.exe"C:\Recovery\WindowsRE\RuntimeBroker.exe"7⤵PID:3264
-
C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"C:\Users\Admin\AppData\Local\Temp\íóòèïàõóé.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2044 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\bridgeServercomponentFontDriver\SND7XTuGR2g.vbe"3⤵PID:2228
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\bridgeServercomponentFontDriver\9qhNErD.bat" "4⤵PID:4420
-
C:\bridgeServercomponentFontDriver\MsHostsvc.exe"C:\bridgeServercomponentFontDriver\MsHostsvc.exe"5⤵PID:5028
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "TrustedInstallerT" /sc MINUTE /mo 6 /tr "'C:\Users\All Users\TrustedInstaller.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5948
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "TrustedInstaller" /sc ONLOGON /tr "'C:\Users\All Users\TrustedInstaller.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5972
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "TrustedInstallerT" /sc MINUTE /mo 12 /tr "'C:\Users\All Users\TrustedInstaller.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6004
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smsss" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Windows Photo Viewer\ja-JP\smss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5124
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Photo Viewer\ja-JP\smss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:2032
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smsss" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\Windows Photo Viewer\ja-JP\smss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5212
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 9 /tr "'C:\Users\All Users\regid.1991-06.com.microsoft\wscript.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5176
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscript" /sc ONLOGON /tr "'C:\Users\All Users\regid.1991-06.com.microsoft\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5548
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 11 /tr "'C:\Users\All Users\regid.1991-06.com.microsoft\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5356
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\Windows Photo Viewer\it-IT\wscript.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5784
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscript" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Photo Viewer\it-IT\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5988
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Windows Photo Viewer\it-IT\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:2456
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "TrustedInstallerT" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Security\BrowserCore\en-US\TrustedInstaller.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5212
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "TrustedInstaller" /sc ONLOGON /tr "'C:\Program Files\Windows Security\BrowserCore\en-US\TrustedInstaller.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5364
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "TrustedInstallerT" /sc MINUTE /mo 14 /tr "'C:\Program Files\Windows Security\BrowserCore\en-US\TrustedInstaller.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5256
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Photo Viewer\ja-JP\conhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6028
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Program Files\Windows Photo Viewer\ja-JP\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5592
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Photo Viewer\ja-JP\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5888
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Windows Mail\wscript.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5212
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscript" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Mail\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5696
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Windows Mail\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:220
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 5 /tr "'C:\Recovery\WindowsRE\RuntimeBroker.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6112
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\RuntimeBroker.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:2448
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Recovery\WindowsRE\RuntimeBroker.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:5780
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 12 /tr "'C:\Windows\ShellComponents\wscript.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6212
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscript" /sc ONLOGON /tr "'C:\Windows\ShellComponents\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6276
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 13 /tr "'C:\Windows\ShellComponents\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6396
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\logs\cmd.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6460
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\logs\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6552
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\logs\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6648
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 10 /tr "'C:\Recovery\WindowsRE\wscript.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6804
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscript" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6904
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 9 /tr "'C:\Recovery\WindowsRE\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:6980
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 8 /tr "'C:\bridgeServercomponentFontDriver\wscript.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:7036
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscript" /sc ONLOGON /tr "'C:\bridgeServercomponentFontDriver\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1372
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 9 /tr "'C:\bridgeServercomponentFontDriver\wscript.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:4156
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.7MB
MD5a7a6c9f410573c8fbd408170eab6aa33
SHA199354c9e2c7fc978abd47e8d2ec1a403bcc5dfd6
SHA2569d5aaaf2551239a60ec1a383a3512be976cfaa866573e86687c59412ae167974
SHA512f3dbb349ed88f1d9b7c6d1e0ffc2fa12b3d2f68209eaf97ff8bf4344c5a87e39ba3588584df4b656acdcf1b1526415b0a06e921f405bc836792c9b55a794d6b5
-
Filesize
2.7MB
MD590094c2066f9e53cb9217876c833c269
SHA1da9086b65e114257168e634cc921e1ab1c069144
SHA256371427ad07be3f9c39773c3c0c4b95c86f63dc2e427835565b159f3686818bd0
SHA512ef4a15be7efa9ac59c991c64c5afa5fb9e8015334f69e1c64315f788345c456fec5caf58605ccf08afaf16f1a2f7cc2fda1ffd85850d6c2ea268c63efc261aa8
-
Filesize
3.0MB
MD5d80301cde99009a601e22c0f9cb3433a
SHA1d82a05a75f31ec11ced2f6c5e0b945510dbfcd5a
SHA256334e48543f8c2d0203135f7820116b676467ae1c1a3d6eabd8b17f96308e5574
SHA51202b744e15834b654b1d4772d8f2ddc26ca773a9139d9d12fec12c2749e09e69c904014c8464762a7bd97aa8413971193a8c386bb2bfecc14fc8aabd78383888b
-
Filesize
215B
MD5bd091f4d8a1df91d73b0c65a4ba02330
SHA1bef757dc154e1d4a0fc91f8ce1e4072c4c12d6df
SHA2567eeb92d6b5e2faca9ea5763051aac81b7851f4aefe76680ccb25a3aec7e05be2
SHA5120559ece912e8d3f061e615dd55ced1ddb75c743014b99f4589421c192a4aadf58c41c5b8d72cb96ac3b40f4326e7a7c5791691d557036fb3df2df8f78ff2a98c