Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
22-05-2024 19:34
General
-
Target
21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exe
-
Size
201KB
-
MD5
2fa2b4a6ba4e35f024e2d3bcefc03fca
-
SHA1
6af965283bf78a17b989a755527754535b4791d9
-
SHA256
21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023
-
SHA512
31e1d63a674ec792ad8dd2287dccb51e22d10773be472b439b32dd28c76b2231deeb85dcc6605f4ed3a1fdfa177f97a0b598265568d02ec0172dbd908d36c266
-
SSDEEP
6144:QBF/hTDrEqoWUSyfdBZ5m6Mi/adudGCDMCJQ:iF/lDYpnSylJm4DMD
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
UAC bypass 3 TTPs 64 IoCs
-
Renames multiple (77) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 6 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 10 IoCs
-
Drops file in System32 directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 6 IoCs
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exe"C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\iuIgEogU\rWEQcEQk.exe"C:\Users\Admin\iuIgEogU\rWEQcEQk.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
C:\ProgramData\wEgEMkIQ\gOIsYcYk.exe"C:\ProgramData\wEgEMkIQ\gOIsYcYk.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c783340233⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c783340235⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c783340237⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"8⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c783340239⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"10⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402311⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"12⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402313⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"14⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402315⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"16⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402317⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"18⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402319⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"20⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402321⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"22⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402323⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"24⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402325⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"26⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV127⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402327⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"28⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402329⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"30⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402331⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"32⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402333⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"34⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402335⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"36⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402337⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"38⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402339⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"40⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV141⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402341⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"42⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402343⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"44⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402345⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"46⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402347⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"48⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402349⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"50⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402351⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"52⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402353⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"54⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402355⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"56⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV157⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402357⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"58⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402359⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"60⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV161⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402361⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"62⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV163⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402363⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"64⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV165⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402365⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"66⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402367⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"68⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402369⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"70⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402371⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"72⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402373⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"74⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402375⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"76⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402377⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"78⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV179⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402379⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"80⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV181⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402381⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"82⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402383⤵
- Adds Run key to start application
-
C:\Users\Admin\EYUoQsEs\CmIUIwwM.exe"C:\Users\Admin\EYUoQsEs\CmIUIwwM.exe"84⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 22485⤵
- Program crash
-
C:\ProgramData\ioYYEkoI\JIUwMcog.exe"C:\ProgramData\ioYYEkoI\JIUwMcog.exe"84⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 22485⤵
- Program crash
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"84⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV185⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402385⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"86⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402387⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"88⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402389⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"90⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402391⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"92⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402393⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"94⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402395⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"96⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402397⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"98⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV199⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c7833402399⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"100⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1101⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"102⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023103⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"104⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1105⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023105⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"106⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1107⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023107⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"108⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1109⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023109⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"110⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1111⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023111⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"112⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023113⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"114⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023115⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"116⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1117⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023117⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"118⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1119⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023119⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"120⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023121⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"122⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023123⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"124⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1125⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023125⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"126⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023127⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"128⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023129⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"130⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1131⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023131⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"132⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023133⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"134⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1135⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023135⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"136⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023137⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"138⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1139⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023139⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"140⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1141⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023141⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"142⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023143⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"144⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1145⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023145⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"146⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023147⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"148⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023149⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"150⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023151⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"152⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023153⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"154⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023155⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"156⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023157⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"158⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023159⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"160⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023161⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"162⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023163⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"164⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023165⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"166⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023167⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"168⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1169⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023169⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"170⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1171⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023171⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"172⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1173⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023173⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"174⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023175⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"176⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023177⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"178⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023179⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"180⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023181⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"182⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023183⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"184⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023185⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"186⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023187⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"188⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023189⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"190⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023191⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"192⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023193⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"194⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023195⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"196⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023197⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"198⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023199⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"200⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023201⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"202⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023203⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"204⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023205⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"206⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023207⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"208⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023209⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"210⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1211⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023211⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"212⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1213⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023213⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"214⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023215⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"216⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1217⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023217⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"218⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1219⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023219⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"220⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1221⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023221⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"222⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023223⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"224⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1225⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023225⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"226⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023227⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"228⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023229⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"230⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1231⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023231⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"232⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1233⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023233⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"234⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023235⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"236⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023237⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"238⤵
-
C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023.exeC:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023239⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\21f37b25a0441c8f25df4351393ee50ee4e9b70466c8f8cd3dda886c78334023"240⤵