57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881

Analysis

max time kernel
149s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe
Size

861KB
MD5

19deef89c7253c71b9c3316839093554
SHA1

a22c8670359b67efa6b33a7f5757f242d7f80b7b
SHA256

57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881
SHA512

c369e7c4daa6e8f9c1d873b0253fc92b5c4a685ff4b069bdc11ac9e6220343cf12a027ac65af74b0438acd9ff2e2e9b35ed2b85dd5e23d91971cf04be7caf098
SSDEEP

24576:fnM/m/j0++Ge93ZKVbIaGoVFC/bXfRNuGN6mTQP0mv:vMRGe6zGmFGrN3QPBv

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2308	fastboot.exe
4028	fastboot.exe
904	fastboot.exe
3972	fastboot.exe
4544	fastboot.exe
468	fastboot.exe
3348	fastboot.exe
2580	fastboot.exe
4816	fastboot.exe
4520	fastboot.exe
816	fastboot.exe
3148	fastboot.exe
4352	fastboot.exe
4744	fastboot.exe
1224	fastboot.exe
2356	fastboot.exe
3376	fastboot.exe
2756	fastboot.exe
224	fastboot.exe
1572	fastboot.exe
220	fastboot.exe
3252	fastboot.exe
2404	fastboot.exe
4604	fastboot.exe
3532	fastboot.exe
3256	fastboot.exe
2440	fastboot.exe
1516	fastboot.exe
3108	fastboot.exe
708	fastboot.exe
3844	fastboot.exe
1832	fastboot.exe
3096	fastboot.exe
3036	fastboot.exe
380	fastboot.exe
4884	fastboot.exe
2248	fastboot.exe
4244	fastboot.exe
2140	fastboot.exe
1140	fastboot.exe
4480	fastboot.exe
244	fastboot.exe
1512	fastboot.exe
3076	fastboot.exe
1576	fastboot.exe
4632	fastboot.exe
4844	fastboot.exe
4800	fastboot.exe
2560	fastboot.exe
4384	fastboot.exe
4880	fastboot.exe
2384	fastboot.exe
904	fastboot.exe
2328	fastboot.exe
4744	fastboot.exe
696	fastboot.exe
3788	fastboot.exe
1224	fastboot.exe
1260	fastboot.exe
3420	fastboot.exe
468	fastboot.exe
1104	fastboot.exe
556	fastboot.exe
4580	fastboot.exe

Loads dropped DLL 64 IoCs

pid	Process
2308	fastboot.exe
2308	fastboot.exe
4028	fastboot.exe
4028	fastboot.exe
904	fastboot.exe
904	fastboot.exe
3972	fastboot.exe
3972	fastboot.exe
4544	fastboot.exe
4544	fastboot.exe
468	fastboot.exe
468	fastboot.exe
3348	fastboot.exe
3348	fastboot.exe
2580	fastboot.exe
2580	fastboot.exe
4816	fastboot.exe
4816	fastboot.exe
4520	fastboot.exe
4520	fastboot.exe
816	fastboot.exe
816	fastboot.exe
3148	fastboot.exe
3148	fastboot.exe
4352	fastboot.exe
4352	fastboot.exe
4744	fastboot.exe
4744	fastboot.exe
1224	fastboot.exe
1224	fastboot.exe
2356	fastboot.exe
2356	fastboot.exe
3376	fastboot.exe
3376	fastboot.exe
2756	fastboot.exe
2756	fastboot.exe
224	fastboot.exe
224	fastboot.exe
1572	fastboot.exe
1572	fastboot.exe
220	fastboot.exe
220	fastboot.exe
3252	fastboot.exe
3252	fastboot.exe
2404	fastboot.exe
2404	fastboot.exe
4604	fastboot.exe
4604	fastboot.exe
3532	fastboot.exe
3532	fastboot.exe
3256	fastboot.exe
3256	fastboot.exe
2440	fastboot.exe
2440	fastboot.exe
1516	fastboot.exe
1516	fastboot.exe
3108	fastboot.exe
3108	fastboot.exe
708	fastboot.exe
708	fastboot.exe
3844	fastboot.exe
3844	fastboot.exe
1832	fastboot.exe
1832	fastboot.exe

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/536-1-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-34-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-36-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-44-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-46-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-45-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-42-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-40-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-39-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-32-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-28-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-26-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-22-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-20-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-16-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-14-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-10-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-8-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-6-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-4-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-3-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-2-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-30-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-24-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-18-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/536-12-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe
536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe
536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 3900	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	86
PID 536 wrote to memory of 3900	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	86
PID 536 wrote to memory of 3900	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	86
PID 3900 wrote to memory of 2308	3900	cmd.exe	88
PID 3900 wrote to memory of 2308	3900	cmd.exe	88
PID 3900 wrote to memory of 2308	3900	cmd.exe	88
PID 536 wrote to memory of 5116	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	90
PID 536 wrote to memory of 5116	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	90
PID 536 wrote to memory of 5116	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	90
PID 5116 wrote to memory of 4028	5116	cmd.exe	92
PID 5116 wrote to memory of 4028	5116	cmd.exe	92
PID 5116 wrote to memory of 4028	5116	cmd.exe	92
PID 536 wrote to memory of 2184	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	94
PID 536 wrote to memory of 2184	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	94
PID 536 wrote to memory of 2184	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	94
PID 2184 wrote to memory of 904	2184	cmd.exe	96
PID 2184 wrote to memory of 904	2184	cmd.exe	96
PID 2184 wrote to memory of 904	2184	cmd.exe	96
PID 536 wrote to memory of 2272	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	98
PID 536 wrote to memory of 2272	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	98
PID 536 wrote to memory of 2272	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	98
PID 2272 wrote to memory of 3972	2272	cmd.exe	102
PID 2272 wrote to memory of 3972	2272	cmd.exe	102
PID 2272 wrote to memory of 3972	2272	cmd.exe	102
PID 536 wrote to memory of 2796	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	103
PID 536 wrote to memory of 2796	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	103
PID 536 wrote to memory of 2796	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	103
PID 2796 wrote to memory of 4544	2796	cmd.exe	106
PID 2796 wrote to memory of 4544	2796	cmd.exe	106
PID 2796 wrote to memory of 4544	2796	cmd.exe	106
PID 536 wrote to memory of 3660	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	108
PID 536 wrote to memory of 3660	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	108
PID 536 wrote to memory of 3660	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	108
PID 3660 wrote to memory of 468	3660	cmd.exe	110
PID 3660 wrote to memory of 468	3660	cmd.exe	110
PID 3660 wrote to memory of 468	3660	cmd.exe	110
PID 536 wrote to memory of 4844	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	111
PID 536 wrote to memory of 4844	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	111
PID 536 wrote to memory of 4844	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	111
PID 4844 wrote to memory of 3348	4844	cmd.exe	113
PID 4844 wrote to memory of 3348	4844	cmd.exe	113
PID 4844 wrote to memory of 3348	4844	cmd.exe	113
PID 536 wrote to memory of 4580	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	114
PID 536 wrote to memory of 4580	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	114
PID 536 wrote to memory of 4580	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	114
PID 4580 wrote to memory of 2580	4580	cmd.exe	117
PID 4580 wrote to memory of 2580	4580	cmd.exe	117
PID 4580 wrote to memory of 2580	4580	cmd.exe	117
PID 536 wrote to memory of 4016	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	118
PID 536 wrote to memory of 4016	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	118
PID 536 wrote to memory of 4016	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	118
PID 4016 wrote to memory of 4816	4016	cmd.exe	120
PID 4016 wrote to memory of 4816	4016	cmd.exe	120
PID 4016 wrote to memory of 4816	4016	cmd.exe	120
PID 536 wrote to memory of 1072	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	121
PID 536 wrote to memory of 1072	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	121
PID 536 wrote to memory of 1072	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	121
PID 1072 wrote to memory of 4520	1072	cmd.exe	123
PID 1072 wrote to memory of 4520	1072	cmd.exe	123
PID 1072 wrote to memory of 4520	1072	cmd.exe	123
PID 536 wrote to memory of 2060	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	124
PID 536 wrote to memory of 2060	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	124
PID 536 wrote to memory of 2060	536	57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe	124
PID 2060 wrote to memory of 816	2060	cmd.exe	126

C:\Users\Admin\AppData\Local\Temp\57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe
"C:\Users\Admin\AppData\Local\Temp\57f0ab779f8af92b82db560c9bc52987361fdfd8ae404f7512b8fe324077b881.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:536
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3900
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2308
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5116
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4028
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:904
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2272
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3972
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4544
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3660
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:468
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4844
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3348
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4580
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2580
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4016
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4816
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1072
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4520
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2060
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:816
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4216
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3148
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2012
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4352
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4288
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4744
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3364
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1224
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2272
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2356
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3376
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3076
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2756
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:212
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:224
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1208
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1572
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4808
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:220
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4912
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3252
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2512
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2404
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1460
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4604
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:5116
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3532
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3256
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3940
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2440
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4552
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1516
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:5032
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3108
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1512
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:708
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:972
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3844
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3348
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1832
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:212
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:3096
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1572
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:3036
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3984
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:380
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3424
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:4884
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4156
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:2248
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2944
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:4244
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3840
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:2140
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3732
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:1140
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3788
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:4480
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4760
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:244
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4308
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:1512
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3928
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:3076
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:1576
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1592
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:4632
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2064
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:4844
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2368
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:4800
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4816
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:2560
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4620
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:4384
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:852
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:4880
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3148
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:2384
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1424
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:904
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3256
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:2328
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4100
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:4744
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1704
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:696
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3584
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:3788
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3628
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:1224
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4992
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:1260
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4252
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:3420
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:5112
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:468
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4632
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:1104
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4796
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:556
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4544
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    - Executes dropped EXE
    PID:4580
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1572
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4520
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4756
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:5040
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:996
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:1460
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3792
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4952
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3964
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3588
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3732
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4788
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3584
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1060
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3628
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4308
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3612
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3672
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:1216
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3420
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4648
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3464
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4832
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1016
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:1104
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4632
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:2272
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4844
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4344
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4544
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4588
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1484
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:2972
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3468
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4620
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2444
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4804
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:432
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:384
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4856
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4600
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4244
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:5068
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3804
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:1528
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3232
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4104
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3584
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4780
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1960
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4260
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1344
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3140
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1012
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:2084
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4052
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:5072
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4048
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3388
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4584
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:1016
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1592
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:2652
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4524
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4844
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2032
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4544
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3504
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:5004
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:5064
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:2944
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4328
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3732
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3364
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:2760
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3180
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3584
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4468
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:244
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:452
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:5020
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1344
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3596
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4492
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:932
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4052
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:5092
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3388
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:1576
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2804
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:2272
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3424
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:712
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3096
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3988
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3252
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:380
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3504
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4816
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3164
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4428
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4000
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2944
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:1108
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2092
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:856
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:404
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:1816
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3256
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3444
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2592
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:696
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4172
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:2760
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3508
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4780
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1368
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4468
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1232
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:784
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3844
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:2364
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3420
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4492
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:5092
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1444
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3048
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3448
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:116
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4852
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2208
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:820
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1204
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3988
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4920
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4600
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:5064
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4088
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:5008
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4328
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3964
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4572
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3572
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:736
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3432
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:5096
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:4260
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2540
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:1512
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1060
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:1880
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:832
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3596
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1216
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:2692
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:2320
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:972
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:4052
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3168
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:3388
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3040
- C:\Windows\SysWOW64\cmd.exe
  /c fastboot devices
  2⤵
  PID:1104
- - C:\Users\Admin\AppData\Local\Temp\fastboot.exe
    fastboot devices
    3⤵
    PID:3956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AdbWinApi.dll

Filesize
94KB

MD5
47a6ee3f186b2c2f5057028906bac0c6

SHA1
fde9c22a2cfcd5e566cec2e987d942b78a4eeae8

SHA256
14a51482aa003db79a400f4b15c158397fe6d57ee6606b3d633fa431a7bfdf4b

SHA512
6a2675de0c445c75f7d5664ebe8f0e2f69c3312c50156161e483927e40235140d5e28e340112ac552d6462366143890a8ce32dbf65bd37e27cb1ea290fe14584

Download Submit
C:\Users\Admin\AppData\Local\Temp\AdbWinUsbApi.dll

Filesize
59KB

MD5
5f23f2f936bdfac90bb0a4970ad365cf

SHA1
12e14244b1a5d04a261759547c3d930547f52fa3

SHA256
041c6859bb4fc78d3a903dd901298cd1ecfb75b6be0646b74954cd722280a407

SHA512
49a7769d5e6cb2fda9249039d90465f7a4e612805bba48b7036456a3bbd230e4d13da72e4ade5155ddc08fe460735ec8d6df3bb11b72ff28e1149221e2fc3048

Download Submit
C:\Users\Admin\AppData\Local\Temp\fastboot.exe

Filesize
153KB

MD5
a3c12797c0d0035effc2404fc1f405dc

SHA1
bf57b1115155fd739510702124e41a88cf45071c

SHA256
eccde6dd0636fee30fe7389042ee40e1c458b7eced52c90d062bd39875881c07

SHA512
a5c45dfd798a11fc55e2bda0cf459bd98e0218df2f7592b9eb4fce53c418efdbedd03c314ec91edd36d109801ed84301696cf8ca1999abfce72a83f8edf98ae6

Download Submit
memory/116-351-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/224-146-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/244-309-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/380-178-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/384-274-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/468-227-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/468-225-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/536-150-0x0000000000400000-0x0000000000669000-memory.dmp

Filesize
2.4MB

Download
memory/536-32-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-26-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-22-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-20-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-16-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-14-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-10-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-8-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-6-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-4-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-3-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-2-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-30-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-24-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-18-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-12-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-28-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-44-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-39-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-40-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-46-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-34-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-45-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-0-0x0000000000400000-0x0000000000669000-memory.dmp

Filesize
2.4MB

Download
memory/536-42-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-36-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/536-96-0x0000000000400000-0x0000000000669000-memory.dmp

Filesize
2.4MB

Download
memory/536-102-0x0000000000400000-0x0000000000669000-memory.dmp

Filesize
2.4MB

Download
memory/536-1-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/556-231-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/696-337-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/708-170-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/784-344-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/816-111-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/904-210-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/904-71-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1104-229-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1104-259-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1140-188-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1216-254-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1224-130-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1224-219-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1260-221-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1460-239-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1512-193-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1516-166-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1528-278-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1572-151-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2084-287-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2140-186-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2272-261-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2272-319-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2308-58-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2308-64-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2328-212-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2356-134-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2384-208-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2384-354-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2404-158-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2440-164-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2560-202-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2652-292-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2756-142-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2760-339-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2760-305-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2944-301-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2972-268-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3036-177-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3096-322-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3096-175-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3148-116-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3252-156-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3256-162-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3348-91-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3376-138-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3420-224-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3424-321-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3444-334-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3504-326-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3584-248-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3584-307-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3596-313-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3612-252-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3628-250-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3732-246-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3732-303-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3788-217-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3844-171-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3964-243-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3972-77-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3988-357-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4000-329-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4028-68-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4104-279-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4244-184-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4260-284-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4344-263-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4352-121-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4520-235-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4520-105-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4544-83-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4544-296-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4580-233-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4588-266-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4620-270-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4632-197-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4744-214-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4744-126-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4780-341-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4804-272-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4816-100-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4832-257-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4844-199-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4852-353-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4880-206-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4884-181-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4952-240-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/5004-299-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/5020-311-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/5040-237-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/5072-289-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download