ardamax | f5bd7c5997a98ad3559e3623cf99985388e0d54d970dee47228310f8aedc33a9

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-12-2024 09:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ardamax Keylogger 4.0.2 + Serial/setup_akl.exe
Size

3.7MB
MD5

95a6c69fbfd7e0d1ac7690a0f30bc9a5
SHA1

1fa1f827c8d071c1acf4febdecc6bb69fc7b88a4
SHA256

a194ad107256b7783b2b82f512468c44743f708e57f1784b4e89b817b39ae019
SHA512

c79ced7b3f1a23e1bbdb4c05b9e319312b5d7e0044759a4b6f4bb16407920ed1329a865f08a1f98811c76a47937b6ba9d9209bd46a5c8466aedab0f5b7a5e922
SSDEEP

98304:2IMVXIWgIfWo92sB9W17iq99DOQxrBa9KSQh4xCd5wGBhIRkfYha:2L44fW+jB9UiC97Z4KSjx0wyO

Score

10^/10

ardamax discovery keylogger persistence stealer

Malware Config

Signatures

Ardamax
A keylogger first seen in 2013.
keylogger stealer ardamax
Ardamax family
ardamax

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup_akl.exe

Executes dropped EXE 64 IoCs

pid	Process
2708	FJS.exe
3524	FJS.exe
2936	FJS.exe
3276	FJS.exe
232	FJS.exe
1632	FJS.exe
3876	FJS.exe
1996	FJS.exe
736	FJS.exe
1504	FJS.exe
2900	FJS.exe
1392	FJS.exe
4952	FJS.exe
2092	FJS.exe
2984	FJS.exe
2324	FJS.exe
1984	FJS.exe
1832	FJS.exe
32	FJS.exe
1296	FJS.exe
452	FJS.exe
3980	FJS.exe
1996	FJS.exe
4324	FJS.exe
1020	FJS.exe
4200	FJS.exe
4372	FJS.exe
2052	FJS.exe
412	FJS.exe
4680	FJS.exe
1228	FJS.exe
3036	FJS.exe
1080	FJS.exe
3912	FJS.exe
3004	FJS.exe
1480	FJS.exe
4504	FJS.exe
4800	FJS.exe
4212	FJS.exe
2356	FJS.exe
4472	FJS.exe
4156	FJS.exe
3640	FJS.exe
2128	FJS.exe
4660	FJS.exe
2308	FJS.exe
876	FJS.exe
664	FJS.exe
4880	FJS.exe
680	FJS.exe
2832	FJS.exe
4800	FJS.exe
736	FJS.exe
4696	FJS.exe
2204	FJS.exe
1392	FJS.exe
4488	FJS.exe
5012	FJS.exe
4512	FJS.exe
2096	FJS.exe
2660	FJS.exe
5108	FJS.exe
400	FJS.exe
1684	FJS.exe

Loads dropped DLL 64 IoCs

pid	Process
2708	FJS.exe
2708	FJS.exe
3036	setup_akl.exe
3036	setup_akl.exe
3524	FJS.exe
3524	FJS.exe
2936	FJS.exe
2936	FJS.exe
3276	FJS.exe
3276	FJS.exe
2844	setup_akl.exe
2844	setup_akl.exe
232	FJS.exe
232	FJS.exe
1632	FJS.exe
1632	FJS.exe
3876	FJS.exe
3876	FJS.exe
680	setup_akl.exe
680	setup_akl.exe
1996	FJS.exe
1996	FJS.exe
736	FJS.exe
736	FJS.exe
1504	FJS.exe
1504	FJS.exe
2900	FJS.exe
2900	FJS.exe
1392	FJS.exe
1392	FJS.exe
4952	FJS.exe
4952	FJS.exe
2092	FJS.exe
2092	FJS.exe
2984	FJS.exe
2984	FJS.exe
2324	FJS.exe
2324	FJS.exe
1984	FJS.exe
1984	FJS.exe
1832	FJS.exe
1832	FJS.exe
32	FJS.exe
32	FJS.exe
1296	FJS.exe
1296	FJS.exe
452	FJS.exe
452	FJS.exe
3980	FJS.exe
3980	FJS.exe
1996	FJS.exe
1996	FJS.exe
1592	setup_akl.exe
1592	setup_akl.exe
4324	FJS.exe
4324	FJS.exe
1020	FJS.exe
1020	FJS.exe
4200	FJS.exe
4200	FJS.exe
4372	FJS.exe
4372	FJS.exe
2052	FJS.exe
2052	FJS.exe

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FJS Start = "C:\\ProgramData\\HQLGHD\\FJS.exe"	FJS.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_akl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FJS.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2708	FJS.exe
2708	FJS.exe
2936	FJS.exe
2936	FJS.exe
3276	FJS.exe
3276	FJS.exe
1632	FJS.exe
1632	FJS.exe
3876	FJS.exe
3876	FJS.exe
736	FJS.exe
736	FJS.exe
1504	FJS.exe
1504	FJS.exe
2900	FJS.exe
2900	FJS.exe
1392	FJS.exe
1392	FJS.exe
4952	FJS.exe
4952	FJS.exe
2092	FJS.exe
2092	FJS.exe
2984	FJS.exe
2984	FJS.exe
2324	FJS.exe
2324	FJS.exe
1984	FJS.exe
1984	FJS.exe
1832	FJS.exe
1832	FJS.exe
32	FJS.exe
32	FJS.exe
1296	FJS.exe
1296	FJS.exe
452	FJS.exe
452	FJS.exe
3980	FJS.exe
3980	FJS.exe
1996	FJS.exe
1996	FJS.exe
1020	FJS.exe
1020	FJS.exe
4200	FJS.exe
4200	FJS.exe
4372	FJS.exe
4372	FJS.exe
2052	FJS.exe
2052	FJS.exe
412	FJS.exe
412	FJS.exe
4680	FJS.exe
4680	FJS.exe
1228	FJS.exe
1228	FJS.exe
3036	FJS.exe
3036	FJS.exe
3912	FJS.exe
3912	FJS.exe
3004	FJS.exe
3004	FJS.exe
1480	FJS.exe
1480	FJS.exe
4504	FJS.exe
4504	FJS.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2708	FJS.exe
2708	FJS.exe
2708	FJS.exe
2708	FJS.exe
2936	FJS.exe
2936	FJS.exe
2936	FJS.exe
2936	FJS.exe
3276	FJS.exe
3276	FJS.exe
3276	FJS.exe
3276	FJS.exe
1632	FJS.exe
1632	FJS.exe
1632	FJS.exe
1632	FJS.exe
3876	FJS.exe
3876	FJS.exe
3876	FJS.exe
3876	FJS.exe
736	FJS.exe
736	FJS.exe
736	FJS.exe
736	FJS.exe
1504	FJS.exe
1504	FJS.exe
1504	FJS.exe
1504	FJS.exe
2900	FJS.exe
2900	FJS.exe
2900	FJS.exe
2900	FJS.exe
1392	FJS.exe
1392	FJS.exe
1392	FJS.exe
1392	FJS.exe
4952	FJS.exe
4952	FJS.exe
4952	FJS.exe
4952	FJS.exe
2092	FJS.exe
2092	FJS.exe
2092	FJS.exe
2092	FJS.exe
2984	FJS.exe
2984	FJS.exe
2984	FJS.exe
2984	FJS.exe
2324	FJS.exe
2324	FJS.exe
2324	FJS.exe
2324	FJS.exe
1984	FJS.exe
1984	FJS.exe
1984	FJS.exe
1984	FJS.exe
1832	FJS.exe
1832	FJS.exe
1832	FJS.exe
1832	FJS.exe
32	FJS.exe
32	FJS.exe
32	FJS.exe
32	FJS.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 2708	4252	setup_akl.exe	83
PID 4252 wrote to memory of 2708	4252	setup_akl.exe	83
PID 4252 wrote to memory of 2708	4252	setup_akl.exe	83
PID 4252 wrote to memory of 3036	4252	setup_akl.exe	84
PID 4252 wrote to memory of 3036	4252	setup_akl.exe	84
PID 4252 wrote to memory of 3036	4252	setup_akl.exe	84
PID 3036 wrote to memory of 3524	3036	setup_akl.exe	85
PID 3036 wrote to memory of 3524	3036	setup_akl.exe	85
PID 3036 wrote to memory of 3524	3036	setup_akl.exe	85
PID 3036 wrote to memory of 2264	3036	setup_akl.exe	86
PID 3036 wrote to memory of 2264	3036	setup_akl.exe	86
PID 3036 wrote to memory of 2264	3036	setup_akl.exe	86
PID 2264 wrote to memory of 2936	2264	setup_akl.exe	87
PID 2264 wrote to memory of 2936	2264	setup_akl.exe	87
PID 2264 wrote to memory of 2936	2264	setup_akl.exe	87
PID 2264 wrote to memory of 3296	2264	setup_akl.exe	88
PID 2264 wrote to memory of 3296	2264	setup_akl.exe	88
PID 2264 wrote to memory of 3296	2264	setup_akl.exe	88
PID 3296 wrote to memory of 3276	3296	setup_akl.exe	89
PID 3296 wrote to memory of 3276	3296	setup_akl.exe	89
PID 3296 wrote to memory of 3276	3296	setup_akl.exe	89
PID 3296 wrote to memory of 2844	3296	setup_akl.exe	90
PID 3296 wrote to memory of 2844	3296	setup_akl.exe	90
PID 3296 wrote to memory of 2844	3296	setup_akl.exe	90
PID 2844 wrote to memory of 232	2844	setup_akl.exe	91
PID 2844 wrote to memory of 232	2844	setup_akl.exe	91
PID 2844 wrote to memory of 232	2844	setup_akl.exe	91
PID 2844 wrote to memory of 4128	2844	setup_akl.exe	92
PID 2844 wrote to memory of 4128	2844	setup_akl.exe	92
PID 2844 wrote to memory of 4128	2844	setup_akl.exe	92
PID 4128 wrote to memory of 1632	4128	setup_akl.exe	93
PID 4128 wrote to memory of 1632	4128	setup_akl.exe	93
PID 4128 wrote to memory of 1632	4128	setup_akl.exe	93
PID 4128 wrote to memory of 3120	4128	setup_akl.exe	94
PID 4128 wrote to memory of 3120	4128	setup_akl.exe	94
PID 4128 wrote to memory of 3120	4128	setup_akl.exe	94
PID 3120 wrote to memory of 3876	3120	setup_akl.exe	95
PID 3120 wrote to memory of 3876	3120	setup_akl.exe	95
PID 3120 wrote to memory of 3876	3120	setup_akl.exe	95
PID 3120 wrote to memory of 680	3120	setup_akl.exe	96
PID 3120 wrote to memory of 680	3120	setup_akl.exe	96
PID 3120 wrote to memory of 680	3120	setup_akl.exe	96
PID 680 wrote to memory of 1996	680	setup_akl.exe	97
PID 680 wrote to memory of 1996	680	setup_akl.exe	97
PID 680 wrote to memory of 1996	680	setup_akl.exe	97
PID 680 wrote to memory of 4840	680	setup_akl.exe	98
PID 680 wrote to memory of 4840	680	setup_akl.exe	98
PID 680 wrote to memory of 4840	680	setup_akl.exe	98
PID 4840 wrote to memory of 736	4840	setup_akl.exe	99
PID 4840 wrote to memory of 736	4840	setup_akl.exe	99
PID 4840 wrote to memory of 736	4840	setup_akl.exe	99
PID 4840 wrote to memory of 768	4840	setup_akl.exe	100
PID 4840 wrote to memory of 768	4840	setup_akl.exe	100
PID 4840 wrote to memory of 768	4840	setup_akl.exe	100
PID 768 wrote to memory of 1504	768	setup_akl.exe	101
PID 768 wrote to memory of 1504	768	setup_akl.exe	101
PID 768 wrote to memory of 1504	768	setup_akl.exe	101
PID 768 wrote to memory of 2004	768	setup_akl.exe	102
PID 768 wrote to memory of 2004	768	setup_akl.exe	102
PID 768 wrote to memory of 2004	768	setup_akl.exe	102
PID 2004 wrote to memory of 2900	2004	setup_akl.exe	104
PID 2004 wrote to memory of 2900	2004	setup_akl.exe	104
PID 2004 wrote to memory of 2900	2004	setup_akl.exe	104
PID 2004 wrote to memory of 1688	2004	setup_akl.exe	105

C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
"C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4252
- C:\ProgramData\HQLGHD\FJS.exe
  "C:\ProgramData\HQLGHD\FJS.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2708
- C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
  "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\ProgramData\HQLGHD\FJS.exe
    "C:\ProgramData\HQLGHD\FJS.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3524
- - C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
    "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2264
  - - C:\ProgramData\HQLGHD\FJS.exe
      "C:\ProgramData\HQLGHD\FJS.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
      "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3296
    - - C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        5⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2844
      - C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:232
      - C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4128
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        7⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3120
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        8⤵
        Checks computer location settings
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:680
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:4840
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:768
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:2004
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        12⤵
        Checks computer location settings
        
        PID:1688
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        13⤵
        
        PID:4928
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        14⤵
        Checks computer location settings
        
        PID:1848
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        15⤵
        
        PID:2360
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        16⤵
        
        PID:3024
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        17⤵
        
        PID:1472
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        18⤵
        
        PID:400
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        19⤵
        Checks computer location settings
        
        PID:3340
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:32
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        20⤵
        Checks computer location settings
        
        PID:4528
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        21⤵
        
        PID:3028
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        22⤵
        System Location Discovery: System Language Discovery
        
        PID:116
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        23⤵
        
        PID:3888
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        24⤵
        Loads dropped DLL
        
        PID:1592
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        25⤵
        
        PID:4840
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        26⤵
        
        PID:1352
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        27⤵
        System Location Discovery: System Language Discovery
        
        PID:4984
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        28⤵
        
        PID:1516
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        29⤵
        Checks computer location settings
        
        PID:4768
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        30⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        30⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1772
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        31⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        31⤵
        
        PID:856
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        32⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        32⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        33⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        33⤵
        Checks computer location settings
        
        PID:2148
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        34⤵
        Executes dropped EXE
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        34⤵
        
        PID:3900
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        35⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        35⤵
        
        PID:4896
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        36⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        36⤵
        System Location Discovery: System Language Discovery
        
        PID:4100
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        37⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        37⤵
        
        PID:536
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        38⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        38⤵
        
        PID:4256
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        39⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        39⤵
        
        PID:2388
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        40⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        40⤵
        System Location Discovery: System Language Discovery
        
        PID:4560
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        41⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        41⤵
        Checks computer location settings
        
        PID:3596
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        42⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        42⤵
        
        PID:2464
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        43⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        43⤵
        
        PID:1516
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        44⤵
        Executes dropped EXE
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        44⤵
        
        PID:2444
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        45⤵
        Executes dropped EXE
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        45⤵
        Checks computer location settings
        
        PID:4388
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        46⤵
        Executes dropped EXE
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        46⤵
        
        PID:1724
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        47⤵
        Executes dropped EXE
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        47⤵
        Checks computer location settings
        
        PID:812
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        48⤵
        Executes dropped EXE
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        48⤵
        Checks computer location settings
        
        PID:4592
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        49⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        49⤵
        Checks computer location settings
        
        PID:1172
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        50⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        50⤵
        
        PID:2728
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        51⤵
        Executes dropped EXE
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        51⤵
        
        PID:3028
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        52⤵
        Executes dropped EXE
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        52⤵
        
        PID:3212
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        53⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        53⤵
        Checks computer location settings
        
        PID:3888
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        54⤵
        Executes dropped EXE
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        54⤵
        
        PID:3572
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        55⤵
        Executes dropped EXE
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        55⤵
        
        PID:2028
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        56⤵
        Executes dropped EXE
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        56⤵
        Checks computer location settings
        
        PID:4360
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        57⤵
        Executes dropped EXE
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        57⤵
        
        PID:2552
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        58⤵
        Executes dropped EXE
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        58⤵
        
        PID:4852
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        59⤵
        Executes dropped EXE
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        59⤵
        Checks computer location settings
        
        PID:2448
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        60⤵
        Executes dropped EXE
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        60⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:412
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        61⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        61⤵
        
        PID:3472
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        62⤵
        Executes dropped EXE
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        62⤵
        
        PID:5016
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        63⤵
        Executes dropped EXE
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        63⤵
        
        PID:4424
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        64⤵
        Executes dropped EXE
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        64⤵
        
        PID:3460
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        65⤵
        Executes dropped EXE
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        65⤵
        Checks computer location settings
        
        PID:2680
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        66⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        66⤵
        
        PID:640
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        67⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        67⤵
        Checks computer location settings
        
        PID:2352
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        68⤵
        System Location Discovery: System Language Discovery
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        68⤵
        
        PID:908
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        69⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        69⤵
        
        PID:1676
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        70⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        70⤵
        
        PID:2028
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        71⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        71⤵
        
        PID:1328
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        72⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        72⤵
        
        PID:4928
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        73⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        73⤵
        Checks computer location settings
        
        PID:4040
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        74⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        74⤵
        
        PID:1536
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        75⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        75⤵
        
        PID:4664
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        76⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        76⤵
        
        PID:3136
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        77⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        77⤵
        
        PID:3036
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        78⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        78⤵
        
        PID:3892
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        79⤵
        Adds Run key to start application
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        79⤵
        Checks computer location settings
        
        PID:3748
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        80⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        80⤵
        
        PID:3776
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        81⤵
        Adds Run key to start application
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        81⤵
        
        PID:3408
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        82⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        82⤵
        Checks computer location settings
        
        PID:2340
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        83⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        83⤵
        
        PID:2948
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        84⤵
        
        PID:1040
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        85⤵
        Checks computer location settings
        
        PID:3264
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        86⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        86⤵
        
        PID:3332
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        87⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        87⤵
        
        PID:3620
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        88⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        88⤵
        
        PID:1964
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        89⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        89⤵
        
        PID:548
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        90⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        90⤵
        
        PID:4596
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        91⤵
        Adds Run key to start application
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        91⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        92⤵
        Adds Run key to start application
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        92⤵
        
        PID:2532
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        93⤵
        
        PID:3452
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        94⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        94⤵
        
        PID:2832
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        95⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        95⤵
        
        PID:3876
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        96⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        96⤵
        
        PID:3488
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        97⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        97⤵
        
        PID:908
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        98⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        98⤵
        
        PID:4696
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        99⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        99⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4332
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        100⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        100⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3660
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        101⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        101⤵
        
        PID:4680
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        102⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        102⤵
        
        PID:4040
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        103⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        103⤵
        Checks computer location settings
        
        PID:1436
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        104⤵
        Adds Run key to start application
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        104⤵
        
        PID:1996
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        105⤵
        Adds Run key to start application
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        105⤵
        
        PID:2016
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        106⤵
        Adds Run key to start application
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        106⤵
        
        PID:4592
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        107⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        107⤵
        Checks computer location settings
        
        PID:60
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        108⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        108⤵
        Checks computer location settings
        
        PID:4880
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        109⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        109⤵
        
        PID:4276
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        110⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        110⤵
        Checks computer location settings
        
        PID:2144
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        111⤵
        Adds Run key to start application
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        111⤵
        
        PID:1352
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        112⤵
        Adds Run key to start application
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        112⤵
        
        PID:3596
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        113⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        113⤵
        Checks computer location settings
        
        PID:1424
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        114⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        114⤵
        
        PID:2552
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        115⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        115⤵
        
        PID:2092
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        116⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        116⤵
        
        PID:3660
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        117⤵
        System Location Discovery: System Language Discovery
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        117⤵
        
        PID:1712
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        118⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        118⤵
        Checks computer location settings
        
        PID:4040
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        119⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        119⤵
        System Location Discovery: System Language Discovery
        
        PID:4388
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        120⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        120⤵
        Checks computer location settings
        
        PID:812
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        121⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        121⤵
        
        PID:2648
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        122⤵
        Adds Run key to start application
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        122⤵
        
        PID:664
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        123⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        123⤵
        System Location Discovery: System Language Discovery
        
        PID:976
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        124⤵
        Adds Run key to start application
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        124⤵
        
        PID:3504
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        125⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        125⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3408
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        126⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        126⤵
        Checks computer location settings
        
        PID:4044
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        127⤵
        Adds Run key to start application
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        127⤵
        
        PID:4428
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        128⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        128⤵
        
        PID:2220
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        129⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        129⤵
        
        PID:1888
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        130⤵
        Adds Run key to start application
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        130⤵
        
        PID:752
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        131⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        131⤵
        
        PID:5012
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        132⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        132⤵
        Checks computer location settings
        
        PID:3788
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        133⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        133⤵
        Checks computer location settings
        
        PID:1420
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        134⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        134⤵
        Checks computer location settings
        
        PID:4104
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        135⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        135⤵
        Checks computer location settings
        
        PID:3928
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        136⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        136⤵
        Checks computer location settings
        
        PID:4260
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        137⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        137⤵
        
        PID:1408
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        138⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        138⤵
        
        PID:2884
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        139⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        139⤵
        
        PID:1104
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        140⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        140⤵
        Checks computer location settings
        
        PID:1804
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        141⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        141⤵
        
        PID:1180
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        142⤵
        Adds Run key to start application
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        142⤵
        System Location Discovery: System Language Discovery
        
        PID:4308
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        143⤵
        Adds Run key to start application
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        143⤵
        
        PID:2356
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        144⤵
        Adds Run key to start application
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        144⤵
        
        PID:1820
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        145⤵
        Adds Run key to start application
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        145⤵
        
        PID:4000
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        146⤵
        Adds Run key to start application
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        146⤵
        
        PID:3756
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        147⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        147⤵
        
        PID:4156
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        148⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        148⤵
        Checks computer location settings
        
        PID:3472
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        149⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        149⤵
        Checks computer location settings
        
        PID:936
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        150⤵
        Adds Run key to start application
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        150⤵
        
        PID:4012
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        151⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        151⤵
        
        PID:3204
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        152⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        152⤵
        
        PID:224
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        153⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        153⤵
        
        PID:1136
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        154⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        154⤵
        Checks computer location settings
        
        PID:5060
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        155⤵
        System Location Discovery: System Language Discovery
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        155⤵
        
        PID:4408
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        156⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        156⤵
        
        PID:1808
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        157⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        157⤵
        
        PID:2144
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        158⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        158⤵
        Checks computer location settings
        
        PID:3672
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        159⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        159⤵
        
        PID:1592
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        160⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        160⤵
        
        PID:3596
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        161⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        161⤵
        
        PID:4852
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        162⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        162⤵
        
        PID:3700
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        163⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        163⤵
        
        PID:4488
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        164⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        164⤵
        
        PID:4900
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        165⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        165⤵
        
        PID:4952
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        166⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        166⤵
        Checks computer location settings
        
        PID:3660
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        167⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        167⤵
        
        PID:1724
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        168⤵
        Adds Run key to start application
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        168⤵
        
        PID:1552
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        169⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        169⤵
        Checks computer location settings
        
        PID:4580
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        170⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        170⤵
        
        PID:1172
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        171⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        171⤵
        
        PID:1832
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        172⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        172⤵
        System Location Discovery: System Language Discovery
        
        PID:1904
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        173⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        173⤵
        
        PID:868
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        174⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        174⤵
        
        PID:4324
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        175⤵
        Adds Run key to start application
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        175⤵
        
        PID:4128
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        176⤵
        Adds Run key to start application
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        176⤵
        
        PID:2688
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        177⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        177⤵
        
        PID:4184
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        178⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        178⤵
        Checks computer location settings
        
        PID:2356
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        179⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        179⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1824
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        180⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        180⤵
        
        PID:1888
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        181⤵
        System Location Discovery: System Language Discovery
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        181⤵
        Checks computer location settings
        
        PID:1328
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        182⤵
        System Location Discovery: System Language Discovery
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        182⤵
        
        PID:3128
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        183⤵
        Adds Run key to start application
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        183⤵
        
        PID:856
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        184⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        184⤵
        
        PID:4924
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        185⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        185⤵
        System Location Discovery: System Language Discovery
        
        PID:624
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        186⤵
        System Location Discovery: System Language Discovery
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        186⤵
        
        PID:3476
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        187⤵
        Adds Run key to start application
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        187⤵
        
        PID:3120
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        188⤵
        System Location Discovery: System Language Discovery
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        188⤵
        Checks computer location settings
        
        PID:4592
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        189⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        189⤵
        
        PID:452
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        190⤵
        Adds Run key to start application
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        190⤵
        System Location Discovery: System Language Discovery
        
        PID:4836
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        191⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        191⤵
        
        PID:2496
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        192⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        192⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        193⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        193⤵
        
        PID:4324
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        194⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        194⤵
        
        PID:4800
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        195⤵
        Adds Run key to start application
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        195⤵
        
        PID:1300
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        196⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        196⤵
        
        PID:464
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        197⤵
        System Location Discovery: System Language Discovery
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        197⤵
        
        PID:748
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        198⤵
        Adds Run key to start application
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        198⤵
        Checks computer location settings
        
        PID:4536
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        199⤵
        Adds Run key to start application
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        199⤵
        
        PID:1772
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        200⤵
        System Location Discovery: System Language Discovery
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        200⤵
        
        PID:1584
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        201⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        201⤵
        Checks computer location settings
        
        PID:2236
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        202⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        202⤵
        Checks computer location settings
        
        PID:4440
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        203⤵
        Adds Run key to start application
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        203⤵
        
        PID:5016
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        204⤵
        System Location Discovery: System Language Discovery
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        204⤵
        
        PID:1996
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        205⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        205⤵
        
        PID:2744
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        206⤵
        Adds Run key to start application
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        206⤵
        
        PID:4400
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        207⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        207⤵
        
        PID:1168
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        208⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        208⤵
        Checks computer location settings
        
        PID:3880
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        209⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        209⤵
        
        PID:116
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        210⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        210⤵
        
        PID:3032
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        211⤵
        System Location Discovery: System Language Discovery
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        211⤵
        Checks computer location settings
        
        PID:4324
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        212⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        212⤵
        
        PID:4984
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        213⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        213⤵
        
        PID:2204
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        214⤵
        System Location Discovery: System Language Discovery
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        214⤵
        
        PID:1676
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        215⤵
        Adds Run key to start application
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        215⤵
        System Location Discovery: System Language Discovery
        
        PID:5000
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        216⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        216⤵
        
        PID:1244
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        217⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        217⤵
        
        PID:4652
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        218⤵
        Adds Run key to start application
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        218⤵
        Checks computer location settings
        
        PID:3620
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        219⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        219⤵
        
        PID:3304
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        220⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        220⤵
        
        PID:3340
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        221⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        221⤵
        
        PID:2732
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        222⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        222⤵
        
        PID:4188
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        223⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        223⤵
        
        PID:876
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        224⤵
        Adds Run key to start application
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        224⤵
        
        PID:3060
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        225⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        225⤵
        Checks computer location settings
        
        PID:1892
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        226⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        226⤵
        Checks computer location settings
        
        PID:60
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        227⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        227⤵
        System Location Discovery: System Language Discovery
        
        PID:4880
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        228⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        228⤵
        
        PID:4256
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        229⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        229⤵
        
        PID:1180
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        230⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        230⤵
        
        PID:1708
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        231⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        231⤵
        Checks computer location settings
        
        PID:2356
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        232⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        232⤵
        
        PID:2948
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        233⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        233⤵
        
        PID:2052
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        234⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        234⤵
        
        PID:3020
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        235⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        235⤵
        
        PID:1516
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        236⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        236⤵
        
        PID:3332
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        237⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        237⤵
        
        PID:556
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        238⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        238⤵
        
        PID:3136
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        239⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        239⤵
        
        PID:1552
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        240⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        240⤵
        
        PID:4188
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        241⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        241⤵
        
        PID:224
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        242⤵
        Adds Run key to start application
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        242⤵
        
        PID:2432
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        243⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        243⤵
        
        PID:1800
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        244⤵
        Adds Run key to start application
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        244⤵
        
        PID:5072
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        245⤵
        Adds Run key to start application
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        245⤵
        
        PID:3280
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        246⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        246⤵
        System Location Discovery: System Language Discovery
        
        PID:3868
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        247⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        247⤵
        
        PID:1400
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        248⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        248⤵
        
        PID:3552
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        249⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        249⤵
        
        PID:2356
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        250⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        250⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1052
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        251⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        251⤵
        
        PID:4636
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        252⤵
        Adds Run key to start application
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        252⤵
        
        PID:3272
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        253⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        253⤵
        
        PID:872
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        254⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        254⤵
        
        PID:3248
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        255⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        255⤵
        
        PID:624
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        256⤵
        Adds Run key to start application
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        256⤵
        
        PID:3928
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        257⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        257⤵
        
        PID:3636
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        258⤵
        System Location Discovery: System Language Discovery
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        258⤵
        
        PID:536
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        259⤵
        Adds Run key to start application
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        259⤵
        
        PID:1892
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        260⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        260⤵
        
        PID:2348
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        261⤵
        System Location Discovery: System Language Discovery
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        261⤵
        
        PID:768
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        262⤵
        System Location Discovery: System Language Discovery
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        262⤵
        
        PID:2340
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        263⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        263⤵
        
        PID:2188
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        264⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        264⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2204
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        265⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        265⤵
        
        PID:3596
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        266⤵
        System Location Discovery: System Language Discovery
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        266⤵
        Checks computer location settings
        
        PID:4332
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        267⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        267⤵
        
        PID:5012
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        268⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        268⤵
        System Location Discovery: System Language Discovery
        
        PID:4636
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        269⤵
        Adds Run key to start application
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        269⤵
        
        PID:1772
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        270⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        270⤵
        
        PID:5080
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        271⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        271⤵
        
        PID:3248
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        272⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        272⤵
        
        PID:840
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        273⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        273⤵
        
        PID:2096
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        274⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        274⤵
        
        PID:1900
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        275⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        275⤵
        
        PID:4276
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        276⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        276⤵
        
        PID:3828
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        277⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        277⤵
        
        PID:2640
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        278⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        278⤵
        
        PID:5072
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        279⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        279⤵
        
        PID:4600
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        280⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        280⤵
        
        PID:3504
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        281⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        281⤵
        
        PID:4684
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        282⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        282⤵
        
        PID:2776
        
        C:\ProgramData\HQLGHD\FJS.exe
        
        "C:\ProgramData\HQLGHD\FJS.exe"
        283⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ardamax Keylogger 4.0.2 + Serial\setup_akl.exe"
        283⤵
        
        PID:4192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\HQLGHD\FJS.00

Filesize
1KB

MD5
25539f7306bb74bb2e364c00a066d6f4

SHA1
6e0d99e9428e80036aaa80c403d53efbe588e524

SHA256
bd4e0503a728abe89866209ae6fc72eeab335b378963781911136dc3a9bdc7e2

SHA512
bbde2aede848f6d5eb3c83af91d8849bbe7413f96b27da28512feff320dfb044aefc0945d69de8b0de9dfb9cec1ce0122f3b8652a95201d3d8cd651b2ffa7448

Download Submit
C:\ProgramData\HQLGHD\FJS.00

Filesize
1KB

MD5
13ec11fade30b13eb766fe62ebdfa7af

SHA1
c4a2ba241787904cc3fbdab03ea23f848c07803b

SHA256
e2d47c055396f4c2bfe0ad2d48568da86a9a330e83cb9901ade8072b8c99c7ab

SHA512
43b434db2b00d1d2cf955749eb9d09ebd62f07b2b93fcd8f23794be86e4729b67b4d27ae2609e0ab376bf9f77adfe45743aae7620e45a4ff7cec7b52769cf1cd

Download Submit
C:\ProgramData\HQLGHD\FJS.00

Filesize
1KB

MD5
18612796f1d891f16ba6bb8b491df36b

SHA1
43dc0b50b06f67762c729dd4ddc0c5bd81068f10

SHA256
03ad86b56038b15926e71ad876d59b1bff399900b3f39c24c3494cea52e6895b

SHA512
d8d6a142bb47514ed0be5a61836d883bef8eb00db72c34bd8519afa4e54f0ad4314406f4c67ae3f744133a6ffaa22a2046c27bcf659223b61be43f3248e547ff

Download Submit
C:\ProgramData\HQLGHD\FJS.00

Filesize
1KB

MD5
a3577671fbe6a8b62cad872eb35030e9

SHA1
6a989f79eb7e08c96360165136216e8e338690a0

SHA256
6ef6b028003d0ded12f6250cb85b11e400d5c704674f1a1f2a0b8fa4fb21701a

SHA512
c409805516f2279472c09759dd6dab85e9197b8c3a65d466207199b97be6ec13dee49804aadd8e960361378a9a09371fcc7d9ba59299ef4cf22009728bae6d5e

Download Submit
C:\ProgramData\HQLGHD\FJS.00

Filesize
1KB

MD5
af610106b5228b479fa0a03f1639e33f

SHA1
f0e81b34e76a67c92bd5d308e3a99fb0e47e010b

SHA256
98dd2fbb5263d325d45dc353bebf2b6922397b618b494e60c3b684c81bb60762

SHA512
84473375851356952dfc1c58248bd219fc9c5027da9fd89bb89816a0fc14cfbeb63599d4aa12a5d097d48177afce04a9e3c15a45f97a0c89482b5acabac7b4b7

Download Submit
C:\ProgramData\HQLGHD\FJS.01

Filesize
80KB

MD5
e9fdebeeff810d9d2598a09183ce2c28

SHA1
802ee29723a0e5ee2c315e6749c5695c1bc0e95c

SHA256
251bd8e81fa83e9f7e07bf5e17d802ac7fc063ccc297d5d74c930d8be6551adf

SHA512
48cec319ceb906bd7891eef94f20ffb8e483406308c03c14a23116792a2c180e5e830192df05872ea96124eee250457bc6fafa25d9402bca1e6a74e2459caa51

Download Submit
C:\ProgramData\HQLGHD\FJS.02

Filesize
56KB

MD5
6d28ab2abbd991514a6f67a65875ba8b

SHA1
b8af9292fe86de6dd52cb56c9d208f0015248486

SHA256
bdf26bbd0aa925e1f6ab8d33101bc4d7c8201c2fab0fd3deabe6fb1623730e86

SHA512
ada940f827a5b36f7f34fd9e8ce25132ff2f056e8e1aed5999ea7f938b70f21cfe0624ce04e5186a60071468316da9c21ec8f43514d98c5455180945ea03de61

Download Submit
C:\ProgramData\HQLGHD\FJS.exe

Filesize
2.3MB

MD5
c8b249cca65b74585eab63bb17375efd

SHA1
6f53a15a9a81ccb3bc8531f188416e522dab6b5d

SHA256
16866d884072c41b60e0c6f0edbeea832b0475d97bb0f5dfa62ab5dd2df1237b

SHA512
2fd4abbf422b64fbbad63b2bfcee9bacbeb04a6b1385e389195bad1e30724744150f62f94572c28dc14480b00d2b54413076f9ede78e2b1323097b610374d427

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
967B

MD5
83d4f7edd3834170a7cc4d6ca33f48ff

SHA1
c0d0a8003253e108528071d18d789f148e95d940

SHA256
d8348489f92223ca84f3e96271111d1d4e2d9502b208d059cfc68b7d8c4a79bc

SHA512
65c3ac38b314fddc82f3a81983ddf145d903419b5bf7adac723caec46d195bb53bfbf6965d998b3f689c175c7661e21bab7b514e12856f8cf5988bd94aea8660

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
4KB

MD5
c796b6a2000350c96374efd30d5aa8ca

SHA1
a46caf9d0bdf22a56636e654e8049cfe20796548

SHA256
d500c5498af7ad875ae5ab7bf8ad14b101376395b521d92201e2d0c22bc48e16

SHA512
98b6e553a98d171bbb4f4a4b7f7a224cb1c2861313b55d39883f0b5d27a732c572f4c17278fc1ea5f2b573b8e86d0c737803c0c7f1c83a8abcf52a073090fb92

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
4KB

MD5
d5128236823b94ef3a6d060003d8ce69

SHA1
414d6cdf4d309b25e4685ea093605dbb54f85e05

SHA256
84a9c0816387965834f75e4a986587de5233dbc53ede233b2e5f425df85a5257

SHA512
55778486e385677f2a353b3931b3641c69d770635237ae257d9dff7f3c7160166892f763b151fc9f6cf5958238a5007db1404d3991be7a78012ac2c7d7a81e21

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
5KB

MD5
2c5b49adca12bf0e55ebd41d7b5cbf65

SHA1
0d97f295e94894ed9ddc583356554791cc45e609

SHA256
94294ce962bf721a394ded59a538195a63d8d2fe1745b490bf9e21d515296922

SHA512
19b1b2a219e8b0814283f2f9152db70d5e3564c3da9afc2ecbeb774fdee23df5f84027a9eef92abc9233eb24e87d0151a2055f888b834da9625584c07a62419f

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
5KB

MD5
273a9525855ceaa11bd255040c0a3225

SHA1
d4a509463bd22a007f180d421442b13be70fab3c

SHA256
8244eb2e93134287776b725dceae45d7d0da3e1595e905992efecea6a5f9b8a8

SHA512
ec0e2acbf18e3e971ece8aa74c6eff28b6c24d8b67a60d048d314779550e21f0d50c2b10cb06436250dd5190aee3e84301c34039e74fc37b3f5182988e64aafe

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
5KB

MD5
b4a987808cb9b6ada9bfdbe3976ad65b

SHA1
8fd37fc5f924122cef43db6eaed13e859ab1bff1

SHA256
602cd432f7b36f92d59116a1080b4b4068c2a17cf37582bf0656e5c4fb96f046

SHA512
8938a76255216fc983cd8f8c56a4cff96763710823601384538612babdcc38400ca42c64d349cff69890011e9ef749720770e87c36de962144440f1e40a3c8d3

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
1KB

MD5
40d3fadc156865e46874306aebd77d98

SHA1
55b51b835d3dda3a2715eb84b5eeecf144b3021f

SHA256
390376753d90ed354373bf5332284422a305a2ee4164566e4b2bc366be47dad6

SHA512
bbed91afb3449eb3fc5661778ecc99b44b26db01186afefa94af2d0671b6f955eb6d58e0fc4d8f7b410ab10b921d2d6233364cbd2551f6973a0a1e17ef023fe3

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
6KB

MD5
e50f82b0b0ea040ae315c817c2a7b127

SHA1
7c0580c4677e2dbf19589c2560cf8f03fb5b05a6

SHA256
d587c6380e5fa17a6fa7ed4940ae57d12fc7507c81f5dd4cc240446e8d2bffd4

SHA512
8bc1dcb599dc70fd8c2c29a68058158fbdf0010431afc014f80ad40cd34a30e87d684ebdb2ff966f12d2ae03532fa5ff751e4ed8fa75333738a2564130264a0e

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
6KB

MD5
80bcb1e795623fc826865a42a9da6907

SHA1
a21bdbbdcb52f20e480c4eb97074d4e54e897dbf

SHA256
f6ec154c8bedeb9e95e7784ccdeffdecfd5582a2cba6613fc3d996fb2e06465d

SHA512
c4eae8a976868d5b368ff1468e358d16db33229df43e6f7a9b285f6b4f878a1d3b1a734d036c806aa42dec7010fd018e6920d9f3e77842283094255488a317f7

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
6KB

MD5
1b4a8d29571641b2d4a1392cf430bc6f

SHA1
ff07e75a963d006c57347e3500a3d95c6d0e5898

SHA256
6b5e2eb6323ecb62840e02019ae5058ce3b5299f3d2e2390eaa479a5a9bbd84b

SHA512
80567d4071e77914a2d8ad47ad436b7c3170c8d2488beac50f6a8f481e3aef1bc91e3297c132388c2279ca8aa72401c3775a0606284bb6bebb3ee6f26232f0cd

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
7KB

MD5
1e97f315bed416c53984c42b56c37bfd

SHA1
46dd2e21e23a954528da64feb052a5c66012ec0c

SHA256
b1a5e14fd01c5ed6d8cc7d02108413165c2cc8f2653794b20369b15e4a4eec98

SHA512
141bceba7d6ceb738c63d395a6380a0ea559896ca48c4bd91094f1951fdbba3e4077761ac2063e2ad2df83916efd6ef08c5b8c393834c8384ecbcc9ccb4ea749

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
7KB

MD5
6f79db47659b28f7ad9d8bf2299debfc

SHA1
8c0a17829d1b972588c59c2b231e2119e6ba83af

SHA256
3388c01774fab774e1748bbbd19d8af0ac9622735c24be68e15d45a03db85247

SHA512
06c8814f4e68a60263154413ea9d44a72c3e857592b53fe5866b79b6c82291f1d895c26bf446d24e112f92b1bb88d537acd9b173f36cb96eef2c64b34b498ad4

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
7KB

MD5
43b8f6e150810036e58a8f640a078021

SHA1
4c8c32ce306c6736ef4e8f03bfff79c7c6c3076a

SHA256
1ab7c108cc0282c1a414818ddea149eba2ddb8c7b808dc80f78fef74c80ae450

SHA512
7d6a0d5e13dc8dcc11a3fcbf695700a89a261c3825d2d76ef94fd095976ace2c1303e9a9888a5b405f38f059ff3237398cc7a6f4d8bf57c7a0777f85c2c0d541

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
8KB

MD5
b17cee5df47fd98eca9c9155b4bca5a0

SHA1
ea74d7d10f4895d2f2d04cdbcb93e3914b510977

SHA256
61fd229a826c7e0078fe8ec3ce3ecfd140573244af0dfd3f218f3f41b95762ed

SHA512
1ef0754f7e0eb7c306147e5e5ce2dc35a7a623d54a6845009e16195e58c7d0f3bbcfc3c00799b95ec30e5f597c0743fa4e558558df367b6d15c1f83483c6c4dc

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
8KB

MD5
32d41c8438264efadb8d8eff6be27d68

SHA1
e25f85d5329d1c2b32ee2fa95f174456da6c2e06

SHA256
481f824b7871f6e4db715e79f9d6c919bf7635ab12a7470cc2a62a11d4872632

SHA512
21c333362e1243d3a91cb961c8fabe9759471d1576a40de30a7c725b19f2eab93891c7df3b0d418b4f27f814081d032a6c70eed6df6d0a786d3f76f84e5cc220

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
8KB

MD5
b10751635a69f272a851f069671afbac

SHA1
cf0d02fed43b9a88ec6a74f985ab9a0b92797775

SHA256
c63aaa2be1330c4bb092777a4ab10f4ff2a4df2fe282c1a1f660dcb4a5498d5b

SHA512
852b29fae3dba8ea84b19d21a098f49499785dae21b4a47d315cfefbef385371724ca5b85f47d4f6b8b991f5ef536db2d19951fedfe3cd0c6370fc3cf52d6b48

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
9KB

MD5
e6f2eff70f7592bd025fc9ce4185a83b

SHA1
0d6855fbe2024a56146446f64425c57a4a5c3573

SHA256
26171aef5a82c37dc71187bb0fefe9ce392e1ab7c9320cc5b2c39744b04b27e3

SHA512
afb90763136b1c4c50dd2a47c3aa4cf99e4bcd79344f164bc721a9e645f643000d8d547c24548775af99ba7f971e40cee5fc15166add92ab48dacd0172340953

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
9KB

MD5
c5c84a3e2791856890723e5ffa760a03

SHA1
1061dc7c640925d70ba9546affa02b571f6d730d

SHA256
d197151964cd8196e48c853f493a006fa18b87120c96d76f59463d5e764c3941

SHA512
a2b1cfaf241423a1f1bd3ee8bf76d249e42db4a7ea8094bc7558f6f1388ee010583b5270514b1d8a2061ed1d84d4700fd05ac8486f5da142211dcb0017262dc6

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
9KB

MD5
3567bfd349b3b7b6f113eeea12a33b07

SHA1
868f65c5c98a412709c604070cd1de4929bf866f

SHA256
dffe593b514e9b9a9e60a472483574201d6ae77504969defc393354d902ded18

SHA512
8a4f167766e7320ce493a3696fa7e2cd691dcac219a918b11c360b15d5202a08c1aa0a9d3f86ef11cf45c32b0f68f0be096210e10385ec7b1b645f94a02b5e59

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
10KB

MD5
d5eae7de916e0eb5af6c5162cf303ae3

SHA1
a744113112efc0b76821caf37efe15dc716c7ff3

SHA256
d3a6867fcdc18af6f2a317111f5714ccdafc861ab0569be6b5fbd65d8a0f65a2

SHA512
9322675c0febcfc16dab6e88da0c05d36b54529c72db362ea5aea71eb6a4f7115aa641c15fdb0c7813577159d00744818fb792b31323234e91abc11253fdcb46

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
10KB

MD5
81323c55175f7ee8e96637ee3c30ebbf

SHA1
14ccd85e7bb36498a9fbcc3ce26355cdbce62218

SHA256
d46072eb867ee244aa76b08ffbae2a5c2e1bd24b17ee0f50f42a14d5be8e79dd

SHA512
d6426c3c67ccc188cd432152c06635045b4a9a6b739b219fbb6c790751968eaf872ca9ec60b15062ab1a96dedf915f95e6c75a0779078b11f5a46556c013cc23

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
10KB

MD5
13b78649e94bd6ca6ab05ff8b0ce2732

SHA1
ff2b0ca04c92b19b4f90c8c943c2371cb037cfeb

SHA256
d561111b637d8186ddd85559cb1665e5b9711d017b5d55b6541cbfe96fac2c88

SHA512
0b6582ea87a296272a95b14e0d1ee0b7a72f7fc01a62c32152e1a1a4bee14dad0595820023effaf1dc8a3a8b3bd85dec0dc0b0675da12dde05f943bdbf01d30a

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
10KB

MD5
388f1bb0feb38aae5e24a5b88111d43f

SHA1
65dbee558c8a25a4e0954c323a1f5182cc1b3992

SHA256
cc50b822147e5cf39a9d59f2f4a43c6295b5780fb3510564309dc54ba42dbbcc

SHA512
a9930eae6d8cc9b50a2ae9b8d6e361336f6c172e4907afc007d461464d09d9fe54c67098604d1ad8ac9b1b4cd3f1ca3dcbc632e827ab5afbb300bdaf4503b901

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
11KB

MD5
b7f0ef356a386676aa0cf8cefc2610fa

SHA1
770f8de00cc45ccaa6924220d72e8aeda4b90a73

SHA256
b3f80561d511ad6f2b04ab6c59ff249b418a1a6f8f6b2f65de9ace1c62610d3b

SHA512
6d0e82f0b7cb582162b22e4f4a69137271a205292308c2358905d7a8f5631697bf7a18fe67a2c3c9840304d42440e2d2e84e26aca413acc6406b19fc7d4005a9

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
12KB

MD5
3b5940ef2213bcc83359f7c5344cbcc3

SHA1
2a4cb279e846d83a0ad3ca8a364b92f6bbc7dfc3

SHA256
8fe12a25954903ad1b81846101f2b94296dc9f40cc62560bba6251f63ee2ed15

SHA512
ab709b1d22e7c282efcad2b29d0b391d79080d09eeae85a9732ce77b884b212c15738bb8716b22f85bf1a929176f1887d8da5f5ad258405a03c526c4f442d8f1

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
1KB

MD5
0e6ecb489d476789dcb202c765c6db9e

SHA1
d8e2f75dddf3d7e5688671a9e8e3463b3963a011

SHA256
444d82ae4ce8557066819fbea07ca9777312a5f9f3999dc0d88cd077b81e8837

SHA512
4d0f77ee17d05409137445fa277e56cc6f211d59ae4066cc679494987c54fc7321f05cbf74565287cc38837040558a48cc4586170c75abaf3b678ae610440600

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
12KB

MD5
647a2be55df8a7e5b15b6cbb128fc52c

SHA1
0d0d6fc352e2ed86a328b56480fab1a8de5c9b54

SHA256
7770273297e0482f197b9f6d895c0e3d623de993f5c9fb5ba8fa045a5f4a8400

SHA512
6ce74bdd7acfd370de9c28db5ec782cef4e520263fcc48b52d50cb983bdb7070f5b1f31ec9a74a9a6b887c0f916137542a9068fe30d000f666a6e99332c2c62f

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
562B

MD5
b3150ac293f24855414d0aacbb9f6e77

SHA1
4d6b9fcf14df5c307c0191745280889e45fcaf54

SHA256
c5b1e9eede994a66dddfa24931fab7741494829f6cedbf7d2035f3818d531485

SHA512
826b4315fb257d7a03ea7b1d7791d7348d6422e6e0316e5ed0f59b36cce2dc1afa6678965b29513626033628251b2695c777ebae6b53b274e5b2644fb9aea3da

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
2KB

MD5
5520daa7358514a0c4f888619959da9f

SHA1
2e59709c3d7485b860e4240ddceabb1b644c55e3

SHA256
46c4f4d2358be411bc736e9c49761ed4fff21fe4181d69a307e7d2294b65bacc

SHA512
86d2fc060050561688adff5c1e61e33d89b8b82cf2e7f26fe8b5b5940a32d1d4eaf3c5cd818a4428023584153e025e98c2fa5698b79ba04d7b313f4fe0c928c4

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
2KB

MD5
412d287122ac97705ff5a4e40d7984cb

SHA1
68f816ace5dc88bc9badb53e14602daaa75804bb

SHA256
abf0723b9cdb156603f36cae9a54a1bf101c4f19c264dfdc6e8fac3e2988afee

SHA512
30ee3e43dd5b48ecf2cf6048f1b9c55ae488940bd4095e80ebc64561536701f7fe9e02a8daba82f0d3b8c07cc267bf80e576aaecccab10c2bb7c0a85e8c7bbf6

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
3KB

MD5
3516f84e6023b5e4c3edcc7e8c57f305

SHA1
17f68dc0d9eedfcd57d7debff5b554032e07d9cd

SHA256
f021dd969cda4e0f08b4e6a6a5506749c9ac68a15409bc25eb0ef6eb26d3ccf6

SHA512
d57f161df1933941509001e4502eec211e766226c9f113633908127e9ee3932ee2d7d7d9a1b33e7876b3e30a2587ddb3fb3e2c9689cf2dc745722f836e71a572

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
3KB

MD5
7cfb2d40b39f4ddd81af1d83f2dbcd0a

SHA1
f34266925b85fcfdafa34ffa6fa30a097ec3d971

SHA256
340f9df63db81985c3d66815f06d0832663ec59e51c810a5d47e3d711de201f4

SHA512
6b0933fc4c0575006e2397f686c75252e2e287bb9bd49a478f6913565e1696e94badc460f90de0eeaf0e8decf4caace1a59817c04e76d4ec45ea9ca2c7ab105f

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
3KB

MD5
c4e00ff41aa3ba8e44e43c4cddda2a6a

SHA1
0050049f05890650fd5964a0cbf658291eb352e8

SHA256
581b8c075d5d524b75f0fb1c1ae45b2ab384650037c10749e5b52507222670c9

SHA512
41e791ce2c1f8d06a4a80d247087c40627d06b3e03ffa07fa571a81c85245628f7705dfe7ce6a9737d02ebc42214f72268e0f9b21f0e96d5b49b8058b01de3ef

Download Submit
C:\ProgramData\Microsoft\WindowsFJS.004

Filesize
4KB

MD5
efb13e238430aaa6e9972c9544213c2a

SHA1
5c179169d4d9b419bd78861ddc3820705e29d74d

SHA256
e4e71fa42eb356c77d9b6f794e87679761f811e4e2c54848327f79f4c4e37110

SHA512
9864f49fc6365b2556a9bf2c63030887999d435a69a0e691be385f226fb95dda63c72a0ed091b804e2279adc62cea37f01dc8a380b3768f4ddea3a80c546ef66

Download Submit
memory/232-77-0x0000000000940000-0x0000000000959000-memory.dmp

Filesize
100KB

Download
memory/664-533-0x0000000002320000-0x0000000002339000-memory.dmp

Filesize
100KB

Download
memory/680-131-0x0000000000AD0000-0x0000000000AE9000-memory.dmp

Filesize
100KB

Download
memory/736-592-0x0000000000A10000-0x0000000000A29000-memory.dmp

Filesize
100KB

Download
memory/1080-378-0x0000000000820000-0x0000000000839000-memory.dmp

Filesize
100KB

Download
memory/1392-200-0x0000000002570000-0x0000000002589000-memory.dmp

Filesize
100KB

Download
memory/1504-176-0x00000000041B0000-0x00000000041C9000-memory.dmp

Filesize
100KB

Download
memory/1516-486-0x0000000003790000-0x00000000037A9000-memory.dmp

Filesize
100KB

Download
memory/1592-288-0x00000000011E0000-0x00000000011F9000-memory.dmp

Filesize
100KB

Download
memory/1632-106-0x0000000002870000-0x0000000002889000-memory.dmp

Filesize
100KB

Download
memory/1832-245-0x0000000002380000-0x0000000002399000-memory.dmp

Filesize
100KB

Download
memory/1996-135-0x0000000000860000-0x0000000000879000-memory.dmp

Filesize
100KB

Download
memory/1996-287-0x0000000003F70000-0x0000000003F89000-memory.dmp

Filesize
100KB

Download
memory/2092-215-0x0000000002480000-0x0000000002499000-memory.dmp

Filesize
100KB

Download
memory/2148-377-0x0000000000E90000-0x0000000000EA9000-memory.dmp

Filesize
100KB

Download
memory/2324-230-0x00000000040C0000-0x00000000040D9000-memory.dmp

Filesize
100KB

Download
memory/2708-22-0x0000000002810000-0x0000000002829000-memory.dmp

Filesize
100KB

Download
memory/2708-17-0x0000000000402000-0x0000000000403000-memory.dmp

Filesize
4KB

Download
memory/2708-18-0x0000000000400000-0x0000000000684000-memory.dmp

Filesize
2.5MB

Download
memory/2708-42-0x0000000000400000-0x0000000000684000-memory.dmp

Filesize
2.5MB

Download
memory/2844-74-0x0000000002E90000-0x0000000002EA9000-memory.dmp

Filesize
100KB

Download
memory/2936-49-0x00000000029B0000-0x00000000029C9000-memory.dmp

Filesize
100KB

Download
memory/3036-41-0x0000000000110000-0x00000000004CE000-memory.dmp

Filesize
3.7MB

Download
memory/3036-25-0x0000000000E90000-0x0000000000EA9000-memory.dmp

Filesize
100KB

Download
memory/3036-15-0x0000000000110000-0x00000000004CE000-memory.dmp

Filesize
3.7MB

Download
memory/3276-70-0x00000000040B0000-0x00000000040C9000-memory.dmp

Filesize
100KB

Download
memory/3524-29-0x0000000000870000-0x0000000000889000-memory.dmp

Filesize
100KB

Download
memory/3640-487-0x0000000000770000-0x0000000000789000-memory.dmp

Filesize
100KB

Download
memory/3888-591-0x00000000012D0000-0x00000000012E9000-memory.dmp

Filesize
100KB

Download
memory/4156-485-0x0000000002340000-0x0000000002359000-memory.dmp

Filesize
100KB

Download
memory/4252-0-0x0000000000111000-0x0000000000112000-memory.dmp

Filesize
4KB

Download
memory/4252-14-0x0000000000110000-0x00000000004CE000-memory.dmp

Filesize
3.7MB

Download
memory/4252-2-0x0000000000110000-0x00000000004CE000-memory.dmp

Filesize
3.7MB

Download
memory/4252-1-0x0000000000110000-0x00000000004CE000-memory.dmp

Filesize
3.7MB

Download
memory/4256-427-0x0000000000960000-0x0000000000979000-memory.dmp

Filesize
100KB

Download
memory/4324-289-0x0000000000A40000-0x0000000000A59000-memory.dmp

Filesize
100KB

Download
memory/4388-509-0x0000000002450000-0x0000000002469000-memory.dmp

Filesize
100KB

Download
memory/4592-532-0x00000000026D0000-0x00000000026E9000-memory.dmp

Filesize
100KB

Download
memory/4660-513-0x00000000007F0000-0x0000000000809000-memory.dmp

Filesize
100KB

Download
memory/4800-428-0x0000000000830000-0x0000000000849000-memory.dmp

Filesize
100KB

Download
memory/4880-554-0x0000000000B90000-0x0000000000BA9000-memory.dmp

Filesize
100KB

Download