Malware Analysis Report

2024-10-19 06:32

Sample ID 240628-bbcmgavbrk
Target https://github.com/quasar/Quasar
Tags
quasar acrobat reader spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/quasar/Quasar was found to be: Known bad.

Malicious Activity Summary

quasar acrobat reader spyware trojan

Quasar RAT

Quasar payload

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Opens file in notepad (likely ransom note)

Scheduled Task/Job: Scheduled Task

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Gathers network information

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-28 00:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-28 00:57

Reported

2024-06-28 01:06

Platform

win10v2004-20240611-en

Max time kernel

505s

Max time network

453s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quasar/Quasar

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Client-built.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Pdf Reader\Reader.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640098850215801" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616209" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0\0 = 7e00310000000000dc58630711004465736b746f7000680009000400efbecb58c394dc5863072e00000074e101000000010000000000000000003e0000000000d0f881004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0 = 5000310000000000cb584ca0100041646d696e003c0009000400efbecb58c394dc5841072e0000006ae10100000001000000000000000000000000000000294ed500410064006d0069006e00000014000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "6" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0\0\0\NodeSlot = "5" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0\0\0 = 6600310000000000dc586e0710005155415341527e312e3100004c0009000400efbedc586307dc586f072e00000098340200000008000000000000000000000000000000197594005100750061007300610072002000760031002e0034002e00310000001a000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 6600310000000000dc586e0710005155415341527e312e3100004c0009000400efbedc586307dc586f072e00000098340200000008000000000000000000000000000000197594005100750061007300610072002000760031002e0034002e00310000001a000000 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0\0\0\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 19002f433a5c000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0 = 7800310000000000cb58c3941100557365727300640009000400efbe874f7748dc5841072e000000c70500000000010000000000000000003a000000000014937a0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0\0\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Pdf Reader\Reader.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Pdf Reader\Reader.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3128 wrote to memory of 2936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 2936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 4044 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 4044 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3128 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quasar/Quasar

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed0eeab58,0x7ffed0eeab68,0x7ffed0eeab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1924,i,16148578027727035826,8320037083678618878,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1924,i,16148578027727035826,8320037083678618878,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1924,i,16148578027727035826,8320037083678618878,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1924,i,16148578027727035826,8320037083678618878,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1924,i,16148578027727035826,8320037083678618878,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4228 --field-trial-handle=1924,i,16148578027727035826,8320037083678618878,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1924,i,16148578027727035826,8320037083678618878,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=1924,i,16148578027727035826,8320037083678618878,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1924,i,16148578027727035826,8320037083678618878,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe

"C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\ipconfig.exe

ipconfig

C:\Users\Admin\Desktop\Client-built.exe

"C:\Users\Admin\Desktop\Client-built.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "oMtCMngr" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Pdf Reader\Reader.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\Pdf Reader\Reader.exe

"C:\Users\Admin\AppData\Roaming\Pdf Reader\Reader.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "oMtCMngr" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Pdf Reader\Reader.exe" /rl HIGHEST /f

C:\Windows\SYSTEM32\cmd.exe

"cmd" /K CHCP 437

C:\Windows\system32\chcp.com

CHCP 437

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\look.txt

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" $_"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
N/A 10.127.0.202:4782 tcp
US 8.8.8.8:53 ipwho.is udp
DE 195.201.57.90:443 ipwho.is tcp
N/A 10.127.0.202:4782 tcp
US 8.8.8.8:53 90.57.201.195.in-addr.arpa udp
US 8.8.8.8:53 195.201.50.20.in-addr.arpa udp

Files

\??\pipe\crashpad_3128_VTRZJFPSBCXFZNVQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a7dae27e-5fb5-4d0f-b42c-c833c5e77e67.tmp

MD5 271af32a826afa9a8951a3af6dd0d2cf
SHA1 bef43c6ac5692aa3edd8811955d16044c5770be3
SHA256 faa035ede81f6fd44c1cd2c9ec6aed7788e362afca06798ee3c73654e22b176f
SHA512 534cb7e2d949f41290ff2d54fcf6e050774b37607685aa3dcf27ae34a4cbab05aa6d6e0aa4babf5f3e79c814acda086a0beac6b81680f08724f6896b74ae87dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 41e0042c9846944b1333c7e2c417155b
SHA1 a15be9dde4561d396b707a30637eeb2e0d924d9e
SHA256 e7072e81dbd40c45623ee7e851d96ce94bd36d309fbb7dc7d9d29bd641aaa1dc
SHA512 8142fb0f5f99308f73e07858290fe8114e889a73f0f8eb5fc430f222dd2dd38b6583fc8dee5530b19a046a9248e4f666ea8645b4f5edde94a9c8b8f419ab3e29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1b6f32c8b782d70dbb5bfc9834a897bb
SHA1 2b5827ed797266b63666dd7244c83a5b5732e319
SHA256 b50b706411422d15200d05057a1b2406c7fa962ecbd488171d799b60eb31ed7a
SHA512 0d5e9aef994485033a4dd420af5623a5c68e1fb51b5e0f9c99540683b1a6017594f09741ddbf7cd92f096812320bd927bf939f20427891cbc04394bf85c0c3e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ac994c64f65235e8be039264ca757965
SHA1 01bd55086c4e0eccb4509dea68fab9bcbcd06310
SHA256 3ca049318f30db71dd0a88d236152ba40624a7818dd2272293f615cffa143a39
SHA512 8e3ca285bdf4e0c9e4e31ca01b58cda5eecf400bfea48e655739ea1fce9f7ac727376cb4ce2ff64dd3198b8a04221ccacc20285433500266434fa28c1452190b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a71731cc470efe09537f45799fad1e78
SHA1 c6e31a05c87ba976715a7d8bb97c3ce6c123a493
SHA256 4e62b8151f10e67874743aeec8d8aad459d8a89fcfd5fed94e475e1d98b58a34
SHA512 2eac9c250cd2b6622cafb485cfc17cbda1cf49b682e0ea396b6c4aed2349fb6d896cdd8a3555a56464db03841c806cc9bea0fa909c654f8bb4af9c6d0efcc4d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 958180cd107692d8a864e3746ab24109
SHA1 d91cd4ab1a47fe7dddee22f16182bd438a701ae6
SHA256 fd4058fe8870dd56a18dfdc63af8e1399e4305b0a4140f53888846f3dfd0e7dc
SHA512 c7b28750d321fe9e32c9570ba5e13ff2d768e386ebf625675497067feabcbcfcf239902fe411177429303af584b2e83568cc16ae0297a89d66d26f3178d51223

C:\Users\Admin\Downloads\Quasar.v1.4.1.zip.crdownload

MD5 13aa4bf4f5ed1ac503c69470b1ede5c1
SHA1 c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00
SHA256 4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62
SHA512 767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c1e9f09d7b295a959f261c35385136e3
SHA1 adb6d72f0c797e55d17695e8f040a606ccd2d428
SHA256 03cc44504954884ca223769558f68ed0317b6bfb1835b2d3a9990de1b9eba7df
SHA512 49fb3cf141ab446af704d298261e6f29de8fe55a6c3b0440a291db724b15db1e917a028e7a00a22696974025c70c89b87cb907b192ebfcb8835dc20c757b994f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8f2fa1dbdd1eea86bf509b9aa24970ed
SHA1 741aaadc33e367130e67499ed181ca74be462604
SHA256 bbcad8bdc101b9bde17a8e4e4b790d568f2e55a142d7689a054c7aa69df868aa
SHA512 5660f1d566e98bdb6e41a93bf1f265c863a475fbe7c6f3cd699b214a5bfae0f1528a9df8911d819f66df4345f18e9655733fb348f414fe732f6515629625ec2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 780a81d99b25ea3014d0969fb2e87db4
SHA1 f3c591cb57eb7692c7c33f8a68d86eb878ef3c8c
SHA256 53f426da4206ed44eb46ab3e8ae1e7eee4c08e94d0cbc474ff3875895d5bb4a9
SHA512 dc07f0a37f9911c8a8a91e4e6b0e342ae029172d6219ed6117bfad560f89b3c5a0adb2242c289636bc41c85a79e12339a495b9d4a3b13c9ebbafa9cb8dfa76c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 7ae6250c1f0174c5971d65b5e2f066b5
SHA1 0bad835793a9b185b61254a24e0ee3c677986fdd
SHA256 ba129bc88f3b7e42f0de4266a0a16ba84c6b2f739dc5fbdf88daa4c3a99c4a86
SHA512 9a237ff8ddcee0f205588e6650ae27e44cc67ea8a244a48309667fbb11ac642885e39df8ff79e75045e65a2c860666527b787c1fb9d29bbc718ca127f2d0db8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581fe7.TMP

MD5 0e6bf74a3fc6add42dc7741ef41cf189
SHA1 1376f67be9fc5c52898212812f476f267c7ad8bb
SHA256 a65affd119692633aa97b46f44de082cdaf9f48d4e245f57d5093410aa164522
SHA512 5f35fee9b4d2d84f74848a05c3bdae59cb20aa9025cd02945166bd729ba71bbf548524fbcdee04e70ff35f902a3479af3dc18f5d8775d31d4f7fc8d6ced8bca3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 10094a15c3964468ca7058ddf9460c76
SHA1 709cb8b1c518f306019d6f5e6e141b37b4d0be8c
SHA256 87a7d58b316057ed59b29e2592925cca80e76c8efbaac4ccb55de4722ef1cdba
SHA512 492581923a68f89d3f494816474b202f165b252b7aa0b5b49e15ab91b2cc039e5f54f221f2ea91b4e808af4e96628c1687785228aa2d92fa1a36c2c5daf14cd6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5954c07279b070f0822707b81cc1aa66
SHA1 332850a9a7365cc7568459f4b9ee9bb75e909926
SHA256 2941f7dabaf7f6a5ae3ebac4f394a872844fd061d292d4e52daa50153dca7828
SHA512 513a2f5d33c4e80a8d11fdb5ff73ad3abff8dd0e0114196ac9f16b3a96c2d21d39bab7bc597d7d3ab9661444c15b56323f36b090814134b384c954097547fa2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 32af441c7e91dd6e54288f7762cc3f3e
SHA1 7ec78ddf8f446d81ffec3c193ba4e635b0c44fb4
SHA256 7afaa334a1757f1251939d2d02348fe5371c5e54be8c3533d421a042d3f60d6d
SHA512 259d65011219711e49bbb87ae27ffbbb21762bfc3050de44518c0c357e2ff2f982024b40ccc197aa6f871479192fc319bf965ccaf49e6c85e8bee99c6861e048

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 01f14315024e0780c4fb40e44fbe27ba
SHA1 0d55aad20ec2932e136bfc1bbda16769c4504999
SHA256 bca18b281c78830bfff0388366c66c776a9062b18fec34a9359f1c18566a50ff
SHA512 01e51084e2f8bfd5b1a5d1dca2a1104cec6064665826817b45832560ba8f2fb584f06a2e0a45dff1f06ff9fb339ff0dad2163c63ac40e93cd310b9e8263ae54c

memory/1528-358-0x00007FFEC01C3000-0x00007FFEC01C5000-memory.dmp

memory/1528-359-0x000002DA4AC10000-0x000002DA4AD48000-memory.dmp

memory/1528-360-0x000002DA4B150000-0x000002DA4B166000-memory.dmp

memory/1528-361-0x00007FFEC01C0000-0x00007FFEC0C81000-memory.dmp

memory/1528-362-0x00007FFEC01C0000-0x00007FFEC0C81000-memory.dmp

memory/1528-363-0x000002DA684B0000-0x000002DA687DE000-memory.dmp

memory/1528-369-0x00007FFEC01C3000-0x00007FFEC01C5000-memory.dmp

C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12

MD5 7fa5b2aa721c11a22aef3bb720bde441
SHA1 ce91bac716fa89157faaf7500d8c1071f2838d5d
SHA256 7fc1245f02893994b6590e70b3f06864b6d77ed90935008bdc0f699a16653b3b
SHA512 ce6516e1ecf78c95be31f57376df242a41fb3e159d05e90bdd9cf9fd7bbf3817dc82fad144cf051ef1af2a6fd3b5b6a86b96b9e1cea1ac7c19a8d79ab8badc8c

memory/1528-386-0x000002DA67660000-0x000002DA67678000-memory.dmp

memory/1528-387-0x000002DA678F0000-0x000002DA67940000-memory.dmp

memory/1528-388-0x000002DA68250000-0x000002DA68302000-memory.dmp

memory/1528-389-0x000002DA68190000-0x000002DA681DC000-memory.dmp

memory/1528-390-0x00007FFEC01C0000-0x00007FFEC0C81000-memory.dmp

memory/1528-391-0x00007FFEC01C0000-0x00007FFEC0C81000-memory.dmp

memory/1528-393-0x000002DA6B9D0000-0x000002DA6BA2E000-memory.dmp

memory/1528-394-0x000002DA6B510000-0x000002DA6B52A000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2447855248-390457009-3660902674-1000\c6fb72569d162fb6fd243df47c4e91c9_6b8fed25-7af2-4faa-8715-fe0b598ba931

MD5 b701c601ad05c59e960fc92da9db2500
SHA1 0458d57b87fd4f8d3ee025e829791e35fa4a3da0
SHA256 f6d38b02c2b3705d32bec4531d0b3eceab020ac5ea132457706943edd81bd614
SHA512 9cb1fe3d403ce5a16947a17956cb167f2015d95edd0701cfc10d17e90e30ab88631afd3223b2d1aac3b7cdc8b590f770e0d725603d252cc7de36909de3689fb2

C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

MD5 3d4169e9c1a961be27554f37872e0bca
SHA1 07bd20f9e2f3a8061498144600cbe9ed9c3e406f
SHA256 eae9a2fab1ced0a75d94ce435062fdf035d9434d8b9c2605e870714ee4c937f8
SHA512 48809f361b58dece5ebd626b14a63e900125b1d9afaad82511b4379f670cbe9c3bc6b7b34a88a1f3895726623e08fcbea265d798cae6a49b3baa2fd27aed9b53

C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

MD5 3cd7db0107e53acc837eaac64c614623
SHA1 a671b78740c12a2dff675dc55570c5d69006caaf
SHA256 f585bc6a49c8a15942d65175c8fbd72186d0ddf6e5417a18ca1cf24888ca03db
SHA512 f31cb236bcf986aef0e855f8f6d91dfad270ccaca4fe6c08e7b6c4827941adf7d51afb2a7e995c05e40965a638bed3d4b9492a732c2bc85369ff3764ec691334

C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

MD5 7a347abfbe84ba2254ef773a14b22c6c
SHA1 151d99890b1c5ad5b4e722fac4c5aa2678622b1f
SHA256 2a8ef71fb421961dca053feb4b393341459876275d4df88d2d703dc19d501b5c
SHA512 61ae0796e82483f77fe7a12f6b05887fff6d543ba9d6dfece3139f29ba1835c2698c31e57d91d092bf1dfdef5573783ec996211385417b6540136aab6ade91b3

C:\Users\Admin\Desktop\Client-built.exe

MD5 b9f8f9f0b495e1d656ed097479b02ccf
SHA1 ac62461749811eea990e01cfc3d0752f837a284d
SHA256 6611a59c30a64335e1f450ee8905f7dd308fcbef478a10c1c9a4a8320f0b547f
SHA512 cd164f4b04278178a555dba9d9b362651781b8a6efd4412a0d14fde2a27c22d9129c1d4e77788c677916621950091e40576bf02b00ad1094259884d5f41f444c

memory/3816-470-0x0000000000430000-0x0000000000754000-memory.dmp

memory/3100-477-0x000000001B980000-0x000000001B992000-memory.dmp

memory/3100-478-0x000000001B9E0000-0x000000001BA1C000-memory.dmp

memory/3100-498-0x000000001C970000-0x000000001CE98000-memory.dmp

C:\Users\Admin\Desktop\look.txt

MD5 71badfdd2040d4ff956f4a40530b5012
SHA1 8b5e42e4578bcd4ca8df93a3dd40d0ca4a3edc0e
SHA256 252d89da792d62946f4400ebf8058721306120187d987a8089245e2233d6b2e2
SHA512 3c5dc1a49817148273030dcb8bbb6feea9b05e7ec1d0b3b9654e76d6d265b6da7192d277565cb022dce178661b298f43143d9f706bc9dd19de054c0168328ea9

C:\Users\Admin\Desktop\$_.cmd

MD5 3df116ef9ce709e3a5f25249db341c98
SHA1 7af50effe03c71bd5e03d46dc9b979c6faf92c8d
SHA256 4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0
SHA512 54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

memory/13620-536-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/13636-534-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/8844-537-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/9372-538-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/15168-539-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/13884-540-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/10876-542-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/12560-555-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/12384-554-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/15200-550-0x00007FFEDF070000-0x00007FFEDF265000-memory.dmp

memory/11380-553-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/7252-552-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/11436-551-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/10992-549-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/10636-548-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/10920-546-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/11104-545-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/10828-544-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/10884-543-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/9888-541-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/7904-556-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/11616-559-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/6580-560-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/12472-563-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/12952-562-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/6856-566-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/14160-565-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/10352-564-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/6032-561-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/14672-567-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/16040-568-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/11352-569-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/8164-570-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/11352-571-0x00007FFED9FF0000-0x00007FFEDA080000-memory.dmp

memory/12608-572-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/14972-574-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/9264-573-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/9568-576-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/7120-575-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/12060-578-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/11256-577-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/16300-579-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/7136-580-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/11816-582-0x00007FFEDF070000-0x00007FFEDF265000-memory.dmp

memory/16192-581-0x00007FFEDF070000-0x00007FFEDF265000-memory.dmp

memory/15628-583-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/16160-584-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/14568-585-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/15836-586-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/12944-587-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/11456-588-0x0000024E7F900000-0x0000024E7F901000-memory.dmp

memory/11456-590-0x0000024E7F900000-0x0000024E7F901000-memory.dmp

memory/11456-589-0x0000024E7F900000-0x0000024E7F901000-memory.dmp

memory/11456-595-0x0000024E7F900000-0x0000024E7F901000-memory.dmp

memory/11456-600-0x0000024E7F900000-0x0000024E7F901000-memory.dmp

memory/11456-599-0x0000024E7F900000-0x0000024E7F901000-memory.dmp

memory/11456-598-0x0000024E7F900000-0x0000024E7F901000-memory.dmp

memory/11456-594-0x0000024E7F900000-0x0000024E7F901000-memory.dmp

memory/11456-596-0x0000024E7F900000-0x0000024E7F901000-memory.dmp

memory/11456-597-0x0000024E7F900000-0x0000024E7F901000-memory.dmp

memory/12468-601-0x00007FF6108A0000-0x00007FF610907000-memory.dmp

memory/15208-602-0x00007FFEDF070000-0x00007FFEDF265000-memory.dmp

memory/9068-603-0x00007FF6108A0000-0x00007FF610907000-memory.dmp