c50488a31b6ce8d0ddd65b57bd27cf8c1bc86ad0382476f813c33083c5575d6f

Resubmissions

31/03/2025, 16:15 UTC

250331-tqqrrawlt6 10

30/09/2021, 21:22 UTC

210930-z7w8raaefn 10

Analysis

max time kernel
120s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2025, 16:15 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Size

31KB
MD5

4adad151f3c235616ce57238c32b4b34
SHA1

9d05a045e0ce402ff257d799921a9557a2569535
SHA256

c50488a31b6ce8d0ddd65b57bd27cf8c1bc86ad0382476f813c33083c5575d6f
SHA512

34b9607899e79f6e381c648f6afde801aed03e4041c9affc13d4855032d139f5164b7f2c4adfea56366d3365dd758fe9c86110b2148cc0c744f04945fc79a366
SSDEEP

768:RPwoqkZlH/azx1+ta+q3U97v8+QmIDUu0tiJYDj:s4qSp7QVkQSj

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 1 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
4876	netsh.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\33aef9319e7f69a68e51dc4a67780130.exe	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\33aef9319e7f69a68e51dc4a67780130.exe	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\33aef9319e7f69a68e51dc4a67780130 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe\" .."	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\33aef9319e7f69a68e51dc4a67780130 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe\" .."	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
25	0.tcp.ngrok.io
54	0.tcp.ngrok.io
60	0.tcp.ngrok.io

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Token: SeDebugPrivilege	4692	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Token: SeDebugPrivilege	5372	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Token: SeDebugPrivilege	5804	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Token: SeDebugPrivilege	3372	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Token: SeDebugPrivilege	5304	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Token: SeDebugPrivilege	4896	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Token: SeDebugPrivilege	4396	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 660 wrote to memory of 4876	660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe	94
PID 660 wrote to memory of 4876	660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe	94
PID 660 wrote to memory of 4876	660	C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe	94
PID 3612 wrote to memory of 4692	3612	cmd.exe	100
PID 3612 wrote to memory of 4692	3612	cmd.exe	100
PID 3612 wrote to memory of 4692	3612	cmd.exe	100
PID 3392 wrote to memory of 5372	3392	cmd.exe	101
PID 3392 wrote to memory of 5372	3392	cmd.exe	101
PID 3392 wrote to memory of 5372	3392	cmd.exe	101
PID 1808 wrote to memory of 5804	1808	cmd.exe	106
PID 1808 wrote to memory of 5804	1808	cmd.exe	106
PID 1808 wrote to memory of 5804	1808	cmd.exe	106
PID 984 wrote to memory of 3372	984	cmd.exe	108
PID 984 wrote to memory of 3372	984	cmd.exe	108
PID 984 wrote to memory of 3372	984	cmd.exe	108
PID 320 wrote to memory of 5304	320	cmd.exe	118
PID 320 wrote to memory of 5304	320	cmd.exe	118
PID 320 wrote to memory of 5304	320	cmd.exe	118
PID 5216 wrote to memory of 4896	5216	cmd.exe	119
PID 5216 wrote to memory of 4896	5216	cmd.exe	119
PID 5216 wrote to memory of 4896	5216	cmd.exe	119
PID 4328 wrote to memory of 4396	4328	cmd.exe	122
PID 4328 wrote to memory of 4396	4328	cmd.exe	122
PID 4328 wrote to memory of 4396	4328	cmd.exe	122

C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe bcdedit /c set shutdown /r readonly /f force /t 2
1⤵
- Drops startup file
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:660
- C:\Windows\SysWOW64\netsh.exe
  netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" "C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ENABLE
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  - System Location Discovery: System Language Discovery
  PID:4876

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
- Suspicious use of WriteProcessMemory
PID:3392
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:5372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4692

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:5804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
- Suspicious use of WriteProcessMemory
PID:984
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:3372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
- Suspicious use of WriteProcessMemory
PID:5216
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4896

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
- Suspicious use of WriteProcessMemory
PID:320
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:5304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2572
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4396

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1884
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5072

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:6112
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2576
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5940
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4208
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1044

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3468
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5196

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5676
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2528

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5548
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:6040

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3544
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1900

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4164
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4760

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4428
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3548

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4500
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4624

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4060
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1808

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4288
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3440

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3980
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3904

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5892
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1704

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3884
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:532
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5792

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5996
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5580

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1800
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5572

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:6028
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1336

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2036
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:6092

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2968
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4712

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1952
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5032

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5084
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4208

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5708
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2272

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5072
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1140

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3820
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2084

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5316
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5692

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5752
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4992

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4576
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2644
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5272

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:544
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1064

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4504
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1720

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1384
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2660

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5640
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4100
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5512

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1864
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5312

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:624
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4608

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3860
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1344

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4300
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4932

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4480
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:944
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2272

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1040
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5444

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5580
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2024

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4944
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5904

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5400
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1872

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3592
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3612

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3384
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5940

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3368
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5272

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2512
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5660
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:6108

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1348
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4676

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5100
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4400

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:696
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5532

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5156
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4644

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4220
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:312
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3068

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4308
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5216

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2104
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5668
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3824
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5408

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5372
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:6080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2636
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5480

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2020
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5368
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2688

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:380
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4100
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4548

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3944
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5840

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2968
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5152

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5776
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1376

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3388
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5072

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3160
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5532

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4640
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5084

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5580
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3188

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2072
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1720

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1308
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4756
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2016

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1752
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:6108
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5200

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:684
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4732

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3432
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:716

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1920
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5452

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5240
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5404

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2436
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1788

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4580
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4512
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3376

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2100
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5436

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2572
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:6024

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1672
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5432
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:6116

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5412
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:948

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5400
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5040

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4544
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4928

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5968
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1720

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:428
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:64

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1808
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5692

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:6104
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3068

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2968
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4960

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5976
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4996

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2092
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1348

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:6032
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4420

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4944
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5876

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2148
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2308

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2992
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4688
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1344

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5012
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4568

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:860
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4608

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:6140
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4300

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:376
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:948

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2592
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4200

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2700
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5160

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1304
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4316
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5804
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3960

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2328
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5904
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5548

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4020
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2016

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1008
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5612

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4820
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1120

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1592
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:6104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4892
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3384
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2788

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4544
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1488

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4700
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:428
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4740

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3436
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4416

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2024
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:6064

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2932
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2192

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2152
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4328

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1936
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4508
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:636

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:760
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3144

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1644
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5156

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4552
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3936

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:696
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2200

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4752
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1764

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:6032
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2004
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1308
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4692

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4748
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3376
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5648

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2700
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4344

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5152
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4288
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2076

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2672
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:320

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4668
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5392

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5876
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3248
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5828

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2464
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1984

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:856
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4868

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1176
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3424

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:6024
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1060

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4960
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1788

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5452
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2072
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:3716

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:808
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2200

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5236
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4932
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5128

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4928
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5092

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4560
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1808

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1656
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5808

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4600
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:6108

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3904
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2940

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1764
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:116

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5628
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5232

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5384
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:740

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4680
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:6124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1116
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:4288

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5752
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4884
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2644
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1208

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2512
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:1428

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2592
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5580

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3384
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:2688

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:6032
- C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
  C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe ..
  2⤵
  PID:5924

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4292

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:1956

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4920

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3576

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:4484

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:5344

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:2444

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe" ..
1⤵
PID:3616

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.ax-0001.ax-msedge.net

g-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb22cdfca8774805b1ae135855f0096d&localId=w:23575595-BCFD-0FE4-454D-37D8579B8EC5&deviceId=6896216935740912&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb22cdfca8774805b1ae135855f0096d&localId=w:23575595-BCFD-0FE4-454D-37D8579B8EC5&deviceId=6896216935740912&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=19E3212AA04F6B721E1334EAA1686A7A; domain=.bing.com; expires=Sat, 25-Apr-2026 16:16:23 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 54848199AA704B38843CCD173AB295C4 Ref B: LON04EDGE0722 Ref C: 2025-03-31T16:16:23Z
date: Mon, 31 Mar 2025 16:16:23 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=eb22cdfca8774805b1ae135855f0096d&localId=w:23575595-BCFD-0FE4-454D-37D8579B8EC5&deviceId=6896216935740912&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=eb22cdfca8774805b1ae135855f0096d&localId=w:23575595-BCFD-0FE4-454D-37D8579B8EC5&deviceId=6896216935740912&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=19E3212AA04F6B721E1334EAA1686A7A

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=tHozFOGV-DAcHyW9qc_aTAOHfrIcJyFb-UotiwO4FcU; domain=.bing.com; expires=Sat, 25-Apr-2026 16:16:23 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 15261598BE30483FB94B210C7BA3FCB2 Ref B: LON04EDGE0722 Ref C: 2025-03-31T16:16:23Z
date: Mon, 31 Mar 2025 16:16:23 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb22cdfca8774805b1ae135855f0096d&localId=w:23575595-BCFD-0FE4-454D-37D8579B8EC5&deviceId=6896216935740912&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb22cdfca8774805b1ae135855f0096d&localId=w:23575595-BCFD-0FE4-454D-37D8579B8EC5&deviceId=6896216935740912&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=19E3212AA04F6B721E1334EAA1686A7A; MSPTC=tHozFOGV-DAcHyW9qc_aTAOHfrIcJyFb-UotiwO4FcU

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A8BAA6E9491943B3BF41B71A7D11CE64 Ref B: LON04EDGE0722 Ref C: 2025-03-31T16:16:23Z
date: Mon, 31 Mar 2025 16:16:23 GMT
DNS

0.tcp.ngrok.io

C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe

Remote address:

8.8.8.8:53

Request

0.tcp.ngrok.io

IN A

Response

0.tcp.ngrok.io

IN A

3.146.103.81
DNS

0.tcp.ngrok.io

C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe

Remote address:

8.8.8.8:53

Request

0.tcp.ngrok.io

IN A

Response

0.tcp.ngrok.io

IN A

3.146.103.81
DNS

0.tcp.ngrok.io

C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe

Remote address:

8.8.8.8:53

Request

0.tcp.ngrok.io

IN A

Response

0.tcp.ngrok.io

IN A

3.135.250.11
DNS

c.pki.goog

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.187.227
GET

http://c.pki.goog/r/r1.crl

Remote address:

142.250.187.227:80

Request

GET /r/r1.crl HTTP/1.1
Cache-Control: max-age = 3000
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Response

HTTP/1.1 304 Not Modified

Date: Mon, 31 Mar 2025 15:54:43 GMT
Expires: Mon, 31 Mar 2025 16:44:43 GMT
Age: 1402
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Cache-Control: public, max-age=3000
Vary: Accept-Encoding

150.171.27.10:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb22cdfca8774805b1ae135855f0096d&localId=w:23575595-BCFD-0FE4-454D-37D8579B8EC5&deviceId=6896216935740912&anid=

tls, http2

2.0kB
9.4kB
22
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb22cdfca8774805b1ae135855f0096d&localId=w:23575595-BCFD-0FE4-454D-37D8579B8EC5&deviceId=6896216935740912&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=eb22cdfca8774805b1ae135855f0096d&localId=w:23575595-BCFD-0FE4-454D-37D8579B8EC5&deviceId=6896216935740912&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb22cdfca8774805b1ae135855f0096d&localId=w:23575595-BCFD-0FE4-454D-37D8579B8EC5&deviceId=6896216935740912&anid=

HTTP Response

204
3.146.103.81:11421

0.tcp.ngrok.io

ssh

C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe

754 B
319 B
7
6
3.146.103.81:11421

0.tcp.ngrok.io

ssh

696 B
319 B
7
6
3.146.103.81:11421

0.tcp.ngrok.io

ssh

696 B
319 B
7
6
3.146.103.81:11421

0.tcp.ngrok.io

ssh

696 B
319 B
7
6
3.146.103.81:11421

0.tcp.ngrok.io

ssh

696 B
319 B
7
6
3.146.103.81:11421

0.tcp.ngrok.io

ssh

696 B
319 B
7
6
3.146.103.81:11421

0.tcp.ngrok.io

ssh

696 B
319 B
7
6
3.146.103.81:11421

0.tcp.ngrok.io

ssh

696 B
319 B
7
6
3.146.103.81:11421

0.tcp.ngrok.io

ssh

696 B
319 B
7
6
3.135.250.11:11421

0.tcp.ngrok.io

ssh

696 B
319 B
7
6
3.135.250.11:11421

0.tcp.ngrok.io

ssh

696 B
319 B
7
6
3.135.250.11:11421

0.tcp.ngrok.io

ssh

696 B
319 B
7
6
142.250.187.227:80

http://c.pki.goog/r/r1.crl

http

384 B
355 B
4
3

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

304
3.135.250.11:11421

0.tcp.ngrok.io

ssh

650 B
319 B
6
6

8.8.8.8:53

g.bing.com

dns

56 B
148 B
1
1

DNS Request

g.bing.com

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

0.tcp.ngrok.io

dns

C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe

60 B
76 B
1
1

DNS Request

0.tcp.ngrok.io

DNS Response

3.146.103.81
8.8.8.8:53

0.tcp.ngrok.io

dns

C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe

60 B
76 B
1
1

DNS Request

0.tcp.ngrok.io

DNS Response

3.146.103.81
8.8.8.8:53

0.tcp.ngrok.io

dns

C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe

60 B
76 B
1
1

DNS Request

0.tcp.ngrok.io

DNS Response

3.135.250.11
8.8.8.8:53

c.pki.goog

dns

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.187.227

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe.log

Filesize
319B

MD5
da4fafeffe21b7cb3a8c170ca7911976

SHA1
50ef77e2451ab60f93f4db88325b897d215be5ad

SHA256
7341a4a13e81cbb5b7f39ec47bb45f84836b08b8d8e3ea231d2c7dad982094f7

SHA512
0bc24b69460f31a0ebc0628b99908d818ee85feb7e4b663271d9375b30cced0cd55a0bbf8edff1281a4c886ddf4476ffc989c283069cdcb1235ffcb265580fc6

Download Submit
memory/660-0-0x0000000075232000-0x0000000075233000-memory.dmp

Filesize
4KB

Download
memory/660-1-0x0000000075230000-0x00000000757E1000-memory.dmp

Filesize
5.7MB

Download
memory/660-2-0x0000000075230000-0x00000000757E1000-memory.dmp

Filesize
5.7MB

Download
memory/660-6-0x0000000075232000-0x0000000075233000-memory.dmp

Filesize
4KB

Download
memory/660-7-0x0000000075230000-0x00000000757E1000-memory.dmp

Filesize
5.7MB

Download
memory/660-10-0x0000000075230000-0x00000000757E1000-memory.dmp

Filesize
5.7MB

Download
memory/4692-8-0x0000000075230000-0x00000000757E1000-memory.dmp

Filesize
5.7MB

Download
memory/4692-9-0x0000000075230000-0x00000000757E1000-memory.dmp

Filesize
5.7MB

Download
memory/4692-13-0x0000000075230000-0x00000000757E1000-memory.dmp

Filesize
5.7MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.