darkcomet | e4cb72424561e0c4f9ce2ae8966d56e2fbb08936932818a4c087a0ecac9aed8d

Analysis

max time kernel
24s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2025, 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe
Size

1.0MB
MD5

bb23e0f33180784f3f718c06fd3060fa
SHA1

508c944fb1bf162e6c383e484d4dd3e47543e9e1
SHA256

e4cb72424561e0c4f9ce2ae8966d56e2fbb08936932818a4c087a0ecac9aed8d
SHA512

8916f83162b57835aeee4819c093b20750da177316c3f21047214b439dba9b812f5097706bee27abb84d8a669159ab20f0d01e813dc3540a2cb3ab589cb28daa
SSDEEP

12288:DXCjY03SjKyRLHZmhxik4oHSKhBVhiC4xbBEgjB8JVbRGVzDqEob6VimvXJOq3iU:47SKyLkk0qh18JgJQhAQSsHd9

Score

10^/10

darkcomet discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Checks computer location settings 2 TTPs 39 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation	TeamViewer.exe

Executes dropped EXE 64 IoCs

pid	Process
4676	Tase.exe
5776	MmPSMVcYo.exe
612	TeamViewer.exe
5860	Tase.exe
5276	MmPSMVcYo.exe
1624	TeamViewer.exe
2912	Tase.exe
4040	MmPSMVcYo.exe
2056	TeamViewer.exe
4228	Tase.exe
5968	MmPSMVcYo.exe
3696	TeamViewer.exe
4400	Tase.exe
4564	MmPSMVcYo.exe
3264	TeamViewer.exe
4516	Tase.exe
4272	MmPSMVcYo.exe
3740	TeamViewer.exe
2820	Tase.exe
4836	MmPSMVcYo.exe
1708	TeamViewer.exe
5784	Tase.exe
316	MmPSMVcYo.exe
5324	TeamViewer.exe
5928	Tase.exe
4016	MmPSMVcYo.exe
3276	TeamViewer.exe
2344	Tase.exe
1524	MmPSMVcYo.exe
3460	TeamViewer.exe
4276	Tase.exe
5404	MmPSMVcYo.exe
5452	TeamViewer.exe
2832	Tase.exe
3472	MmPSMVcYo.exe
212	TeamViewer.exe
1684	Tase.exe
4960	MmPSMVcYo.exe
2052	TeamViewer.exe
5236	Tase.exe
6112	MmPSMVcYo.exe
4776	TeamViewer.exe
3040	Tase.exe
976	MmPSMVcYo.exe
920	TeamViewer.exe
3264	Tase.exe
3252	MmPSMVcYo.exe
4432	TeamViewer.exe
1868	Tase.exe
5600	MmPSMVcYo.exe
4736	TeamViewer.exe
3016	Tase.exe
244	MmPSMVcYo.exe
3772	TeamViewer.exe
316	Tase.exe
1832	MmPSMVcYo.exe
5268	TeamViewer.exe
4016	Tase.exe
3432	MmPSMVcYo.exe
4720	TeamViewer.exe
1140	Tase.exe
2668	MmPSMVcYo.exe
836	TeamViewer.exe
1520	Tase.exe

Adds Run key to start application 2 TTPs 39 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Tass = "C:\\Users\\Admin\\AppData\\Roaming\\TeamViewer.exe"	MmPSMVcYo.exe

Suspicious use of SetThreadContext 40 IoCs

description	pid	Process	procid_target
PID 3720 set thread context of 4676	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	89
PID 612 set thread context of 5860	612	TeamViewer.exe	102
PID 1624 set thread context of 2912	1624	TeamViewer.exe	107
PID 2056 set thread context of 4228	2056	TeamViewer.exe	112
PID 3696 set thread context of 4400	3696	TeamViewer.exe	117
PID 3264 set thread context of 4516	3264	TeamViewer.exe	122
PID 3740 set thread context of 2820	3740	TeamViewer.exe	127
PID 1708 set thread context of 5784	1708	TeamViewer.exe	134
PID 5324 set thread context of 5928	5324	TeamViewer.exe	139
PID 3276 set thread context of 2344	3276	TeamViewer.exe	144
PID 3460 set thread context of 4276	3460	TeamViewer.exe	149
PID 5452 set thread context of 2832	5452	TeamViewer.exe	156
PID 212 set thread context of 1684	212	TeamViewer.exe	166
PID 2052 set thread context of 5236	2052	TeamViewer.exe	172
PID 4776 set thread context of 3040	4776	TeamViewer.exe	177
PID 920 set thread context of 3264	920	TeamViewer.exe	609
PID 4432 set thread context of 1868	4432	TeamViewer.exe	187
PID 4736 set thread context of 3016	4736	TeamViewer.exe	192
PID 3772 set thread context of 316	3772	TeamViewer.exe	197
PID 5268 set thread context of 4016	5268	TeamViewer.exe	202
PID 4720 set thread context of 1140	4720	TeamViewer.exe	207
PID 836 set thread context of 1520	836	TeamViewer.exe	212
PID 3264 set thread context of 5284	3264	TeamViewer.exe	622
PID 5764 set thread context of 3628	5764	TeamViewer.exe	222
PID 2984 set thread context of 4296	2984	TeamViewer.exe	227
PID 5684 set thread context of 876	5684	TeamViewer.exe	232
PID 2596 set thread context of 1880	2596	TeamViewer.exe	237
PID 3620 set thread context of 3328	3620	TeamViewer.exe	242
PID 4776 set thread context of 720	4776	TeamViewer.exe	247
PID 4640 set thread context of 4484	4640	TeamViewer.exe	252
PID 4396 set thread context of 2284	4396	TeamViewer.exe	257
PID 5016 set thread context of 1548	5016	TeamViewer.exe	262
PID 2088 set thread context of 1908	2088	TeamViewer.exe	1227
PID 1016 set thread context of 4352	1016	TeamViewer.exe	272
PID 5296 set thread context of 5432	5296	TeamViewer.exe	277
PID 4488 set thread context of 2708	4488	TeamViewer.exe	282
PID 5452 set thread context of 2628	5452	TeamViewer.exe	287
PID 1592 set thread context of 4552	1592	TeamViewer.exe	292
PID 4648 set thread context of 6104	4648	TeamViewer.exe	297
PID 3536 set thread context of 5684	3536	TeamViewer.exe	302

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TeamViewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tase.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MmPSMVcYo.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133893973427963709"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3027557611-1484967174-339164627-1000\{8385028E-1583-4DF7-B424-675293FEF500}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe
Token: SeIncreaseQuotaPrivilege	4676	Tase.exe
Token: SeSecurityPrivilege	4676	Tase.exe
Token: SeTakeOwnershipPrivilege	4676	Tase.exe
Token: SeLoadDriverPrivilege	4676	Tase.exe
Token: SeSystemProfilePrivilege	4676	Tase.exe
Token: SeSystemtimePrivilege	4676	Tase.exe
Token: SeProfSingleProcessPrivilege	4676	Tase.exe
Token: SeIncBasePriorityPrivilege	4676	Tase.exe
Token: SeCreatePagefilePrivilege	4676	Tase.exe
Token: SeBackupPrivilege	4676	Tase.exe
Token: SeRestorePrivilege	4676	Tase.exe
Token: SeShutdownPrivilege	4676	Tase.exe
Token: SeDebugPrivilege	4676	Tase.exe
Token: SeSystemEnvironmentPrivilege	4676	Tase.exe
Token: SeChangeNotifyPrivilege	4676	Tase.exe
Token: SeRemoteShutdownPrivilege	4676	Tase.exe
Token: SeUndockPrivilege	4676	Tase.exe
Token: SeManageVolumePrivilege	4676	Tase.exe
Token: SeImpersonatePrivilege	4676	Tase.exe
Token: SeCreateGlobalPrivilege	4676	Tase.exe
Token: 33	4676	Tase.exe
Token: 34	4676	Tase.exe
Token: 35	4676	Tase.exe
Token: 36	4676	Tase.exe
Token: SeDebugPrivilege	612	TeamViewer.exe
Token: SeIncreaseQuotaPrivilege	5860	Tase.exe
Token: SeSecurityPrivilege	5860	Tase.exe
Token: SeTakeOwnershipPrivilege	5860	Tase.exe
Token: SeLoadDriverPrivilege	5860	Tase.exe
Token: SeSystemProfilePrivilege	5860	Tase.exe
Token: SeSystemtimePrivilege	5860	Tase.exe
Token: SeProfSingleProcessPrivilege	5860	Tase.exe
Token: SeIncBasePriorityPrivilege	5860	Tase.exe
Token: SeCreatePagefilePrivilege	5860	Tase.exe
Token: SeBackupPrivilege	5860	Tase.exe
Token: SeRestorePrivilege	5860	Tase.exe
Token: SeShutdownPrivilege	5860	Tase.exe
Token: SeDebugPrivilege	5860	Tase.exe
Token: SeSystemEnvironmentPrivilege	5860	Tase.exe
Token: SeChangeNotifyPrivilege	5860	Tase.exe
Token: SeRemoteShutdownPrivilege	5860	Tase.exe
Token: SeUndockPrivilege	5860	Tase.exe
Token: SeManageVolumePrivilege	5860	Tase.exe
Token: SeImpersonatePrivilege	5860	Tase.exe
Token: SeCreateGlobalPrivilege	5860	Tase.exe
Token: 33	5860	Tase.exe
Token: 34	5860	Tase.exe
Token: 35	5860	Tase.exe
Token: 36	5860	Tase.exe
Token: SeDebugPrivilege	1624	TeamViewer.exe
Token: SeIncreaseQuotaPrivilege	2912	Tase.exe
Token: SeSecurityPrivilege	2912	Tase.exe
Token: SeTakeOwnershipPrivilege	2912	Tase.exe
Token: SeLoadDriverPrivilege	2912	Tase.exe
Token: SeSystemProfilePrivilege	2912	Tase.exe
Token: SeSystemtimePrivilege	2912	Tase.exe
Token: SeProfSingleProcessPrivilege	2912	Tase.exe
Token: SeIncBasePriorityPrivilege	2912	Tase.exe
Token: SeCreatePagefilePrivilege	2912	Tase.exe
Token: SeBackupPrivilege	2912	Tase.exe
Token: SeRestorePrivilege	2912	Tase.exe
Token: SeShutdownPrivilege	2912	Tase.exe
Token: SeDebugPrivilege	2912	Tase.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3720 wrote to memory of 4764	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	88
PID 3720 wrote to memory of 4764	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	88
PID 3720 wrote to memory of 4676	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	89
PID 3720 wrote to memory of 4676	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	89
PID 3720 wrote to memory of 4676	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	89
PID 3720 wrote to memory of 4676	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	89
PID 3720 wrote to memory of 4676	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	89
PID 3720 wrote to memory of 4676	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	89
PID 3720 wrote to memory of 4676	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	89
PID 3720 wrote to memory of 4676	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	89
PID 3720 wrote to memory of 4676	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	89
PID 3720 wrote to memory of 4676	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	89
PID 3720 wrote to memory of 4676	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	89
PID 3720 wrote to memory of 4676	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	89
PID 3720 wrote to memory of 4676	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	89
PID 3720 wrote to memory of 4676	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	89
PID 4764 wrote to memory of 3972	4764	msedge.exe	90
PID 4764 wrote to memory of 3972	4764	msedge.exe	90
PID 3720 wrote to memory of 5776	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	357
PID 3720 wrote to memory of 5776	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	357
PID 3720 wrote to memory of 5776	3720	JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe	357
PID 4764 wrote to memory of 4572	4764	msedge.exe	94
PID 4764 wrote to memory of 4572	4764	msedge.exe	94
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95
PID 4764 wrote to memory of 1436	4764	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.teamviewer.com/th/index.aspx?pid=google.tv.s.int&gclid=CN21vIrFpbMCFcQc6wod0BAAKQ
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x360,0x7ff81de4f208,0x7ff81de4f214,0x7ff81de4f220
    3⤵
    PID:3972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1728,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    PID:4572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2140,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=2128 /prefetch:2
    3⤵
    PID:1436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2376,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=2532 /prefetch:8
    3⤵
    PID:4184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3516,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
    3⤵
    PID:5004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3524,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
    3⤵
    PID:2032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5052,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:1
    3⤵
    PID:4804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3456,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:1
    3⤵
    PID:4936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5372,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8
    3⤵
    PID:4584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5380,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:8
    3⤵
    PID:2316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5720,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:8
    3⤵
    PID:3560
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5756,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
    3⤵
    PID:5764
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5756,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
    3⤵
    PID:3288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:8
    3⤵
    PID:4132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4804,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=5816 /prefetch:8
    3⤵
    PID:712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5808,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=6396 /prefetch:8
    3⤵
    PID:2936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5776,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:8
    3⤵
    PID:5416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6160,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=6468 /prefetch:8
    3⤵
    PID:1456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=6480 /prefetch:8
    3⤵
    PID:848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6468,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=6476 /prefetch:8
    3⤵
    PID:3504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6552,i,15138874278213230358,3033432167012684042,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:8
    3⤵
    PID:3200
- C:\Users\Admin\AppData\Roaming\Tase.exe
  C:\Users\Admin\AppData\Roaming\Tase.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4676
- C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
  "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:5776

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4476
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:612
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:5860
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:5276

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5588
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  PID:1624
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2912
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:4040

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5204
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:2056
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4228
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:5968

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1524
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:3696
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4400
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:4564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2936
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:3264
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4516
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    PID:4272

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2092
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:3740
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    PID:2820
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:4836

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4648
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:1708
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    PID:5784
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    PID:316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4104
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:5324
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    PID:5928
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    PID:4016

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5288
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:3276
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    PID:2344
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:1524

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5792
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:3460
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    PID:4276
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:5404

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4272
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:5452
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2832
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    PID:3472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5096
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:212
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1684
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    PID:4960

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:1624

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1140
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:2052
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5236
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    PID:6112

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2352
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:4776
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    PID:3040
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    PID:976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3228
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:920
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3264
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:3252

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5196
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:4432
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    PID:1868
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    PID:5600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2032
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:4736
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3016
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5604
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:1624
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:3772
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:316
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    PID:1832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:6044
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:5268
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    PID:4016
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:3432

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4564
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:4720
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    PID:1140
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    PID:2668

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5552
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:836
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1520
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:5972

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5776
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:3264
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5284
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:1048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3224
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:5764
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3628
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:4552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5252
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:2984
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4296
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    PID:5780

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5052
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  PID:5684
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:876
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    PID:4384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:220
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  PID:2596
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1880
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:3752

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5956
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  PID:3620
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3328
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:2668

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1104
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:4776
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:720
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:5972

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2628
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  PID:4640
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4484
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    PID:4140

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5744
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:4396
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2284
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:4436

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5764
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:5016
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1548
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:1704

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5604
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:2088
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1908
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    PID:3552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3976
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  PID:1016
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4352
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:4404

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2812
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  PID:5296
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5432
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    PID:3200

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:672
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  PID:4488
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2708
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:1048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3060
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:5452
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2628
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    PID:2664

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3560
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:1592
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4552
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:6000

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5188
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  PID:4648
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6104
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    - Adds Run key to start application
    PID:4600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:6048
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  - Suspicious use of SetThreadContext
  PID:3536
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5684
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2632

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4104
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2796
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2596
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3616

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4404
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1480
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2352
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5000
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3576
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3252
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4148

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4488
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1296
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5844
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3460
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5680
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2168
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5696

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5780
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5764
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4576
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3716
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3500
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:6072
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:952

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5604
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4864
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5204
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:220

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3976
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4980
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5768
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3276

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2052
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1912
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3636
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5540

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5404
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3224
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5776
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5196

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5652
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3952
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1708
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3944

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2676
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3164
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1084
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5756

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1452
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2152
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3552
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4720

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5280
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4668
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2356
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4236

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3236
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2860
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3244
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5196

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3212
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5600
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5728
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5260

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5764
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:3536
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1916
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:952
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1248
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1508
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4996
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5708

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5608
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1836
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5376
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1328

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:884
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4888
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1480
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:920

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5024
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2128
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4380
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3980

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1704
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:4432
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5668
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3952
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4960

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:6008
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:816
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5740
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5352

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3288
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1832
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1860
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4996

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5316
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5224
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2352
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1328

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5480
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3740
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5280
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3216
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1048
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5404
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4696

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3924
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2612
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5276
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5052

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3500
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3848
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4864
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4588

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3312
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:3552
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4720
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5316
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5988
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2564
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:6100
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:944

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5416
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2076
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3212
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4688
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5140
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4932
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2028

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3848
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5136
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2412
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2932

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4808
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4404
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5372
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4460

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5804
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5936
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4848
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:944

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:6048
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:5600
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2972
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4220
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5604

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3676
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5044
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1416
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2676

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5388
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5480
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3236
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4112
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5324
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3312
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2664

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3240
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5152
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5444
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4008

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4536
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:740
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3448
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5436

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1152
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3224
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5712
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1308

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3704
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:4040
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:6096
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1200
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4424

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3500
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1896
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1100
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3236
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3168
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4224
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4788

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3312
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5788
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1648
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5360

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3684
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3240
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:6116
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5344
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5628
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1424
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5356

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4600
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5796
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1308
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4740

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2860
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2924
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4424
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5044
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5552
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5480
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2356
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3812
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4340
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2816

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5852
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5360
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1472
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5840

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1928
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2088
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2592
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4608

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4960
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4588
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4428
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4740

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1912
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2028
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4564
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3924

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3676
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3264
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4752
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:224

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1776
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1716
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5876
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4732

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:812
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4112
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1652
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3980

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5284
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5104
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5720
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3240

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4092
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5040
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4608
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1016

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2128
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4960
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5504
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4252

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2844
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1296
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3288
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1044
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3860
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1184
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4116
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3276
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1776
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:6008
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:812
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4836
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2484
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5268
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3752
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5260
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3912
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2860
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5932

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5608
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5388
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4840
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4788

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1048
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2056
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4584
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5852

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5464
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2244
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5944
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1704
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3408
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2088
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2812

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1340
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4252
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3004
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4752

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5708
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1296
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3716
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5296
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3200
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4524
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5024

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4584
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5972
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3468
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2356

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3980
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3900
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5112
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5628

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4652
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1908
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5344
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5912

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:940
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5000
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1328
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4688
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2212
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4624
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1708

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4128
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4140
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3176
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5320

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2056
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5152
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5676
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2356

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4848
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:5764
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5796
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3496
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1132

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:212
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4396
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4904
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4648

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5552
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3924
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3848
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1456
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1192
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2716
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2816
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5052
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3976
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:6008

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5596
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2356
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3180
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:6080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5680
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2324
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2812
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3408

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1928
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1188
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4888
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5568

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4236
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5708
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5508
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4724

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3620
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:6128
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5388
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3424

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1192
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1904
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4584
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4112
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2056
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2316
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1620

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1132
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2088
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4588
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4172

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5140
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4648
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4460
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:628
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1896
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3492
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2664

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2212
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3236
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5852
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5288

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5116
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5584
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:404
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5704

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3496
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2676
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2244
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4904

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1928
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5480
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4396
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5688
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3684
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1112
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1044

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:6048
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:6128
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5292
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4696
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5920
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1168
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4268

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5116
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5964
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5520
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3496
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4488
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2548
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4808

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1280
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5296
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2948
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1356

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5360
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1044
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2640
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3168

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3676
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5756
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1084
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:6028

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1740
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2520
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1100
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3760
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3900
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5116
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5780

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2152
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:836
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4668
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3632

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5708
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2948
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3860
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3216

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4688
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5032
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5384
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1708

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5104
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4372
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3616
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4088

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2244
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:456
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3036
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3532

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1508
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4292
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:920
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2664
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4752
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1188
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4128
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3860
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2848
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2948

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:640
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4364
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5620
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:6080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1504
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1704
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4088
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2984

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3768
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3284
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5452
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1624

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2776
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:4384
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3820
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4252
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2484

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2976
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4608
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4752
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:812

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3684
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3860
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5804
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5620

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5976
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5880
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4364
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1016
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1248
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5716
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1928

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5764
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3980
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4356
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5480

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5540
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2776
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1104
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1916

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3264
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2056
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5040
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4604

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:512
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2588
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4500
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1716

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5836
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2780
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5320
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1912

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5368
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3616
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5840
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2468
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5568
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4432
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4116

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3168
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4688
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3468
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4788

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5620
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3408
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:976
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4084

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1132
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5188
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2936
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:940

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4172
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2204
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5964
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5764

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3616
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3732
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4808
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5140

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4872
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4460
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2152
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:712

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4236
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1452
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2612
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2520

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5288
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1716
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5068
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3760
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:940
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3312
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4816

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2924
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1356
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3196
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1508

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3672
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3500
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5724
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:836

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5048
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4688
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5920
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2112

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5384
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1740
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5836
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4932

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5652
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:4404
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2356
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5780
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:940
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2676
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5252
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5912

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3876
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:5296
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2992
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1508
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4696

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:848
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2976
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1152
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:812

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3424
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3620
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5392
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1236

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3236
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1904
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5136
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2796
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4640
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3532
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5268
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5680
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2664
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1620

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2780
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2232
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4788
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4872

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4648
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4652
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3860
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1048
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3620
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2588
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5560

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5756
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5288
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5820
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5792

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2056
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:940
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4140
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2776
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3876
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2212
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3496

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5764
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2076
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3316
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:6028

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5540
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4652
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1504
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1932
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5480
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5988
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4436
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3924
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3012
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4332

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5796
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4904
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5788
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1280

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5692
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:628
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5536
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1320

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:512
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:224
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2744
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1996

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4724
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3312
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4772
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4364
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3716
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2244
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4436

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5268
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2924
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1648
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1620

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5628
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:848
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2264
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:6116

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:404
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4084
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5016
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1740
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5024
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1904
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4816

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1048
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5000
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2056
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5096

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5196
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3500
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2776
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1928

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2924
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5692
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1192
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3284

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:848
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5136
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5688
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:512

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1236
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5252
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1908
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1932

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5428
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:900
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1356
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2900
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2948
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2468
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1280

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3812
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5628
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2084
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1916

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3180
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4084
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2088
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1904

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2356
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4724
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5356
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1012
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4364
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:6128
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2484

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4600
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5744
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2992
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2924

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:2972
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1488
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3284
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1896

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5552
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4744
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5596
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2816

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:372
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5252
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2700
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1716

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:900
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1260
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4696
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:6116
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5368
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3248
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4736

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:244
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4084
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5384
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5968

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3236
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3472
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5696
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1628

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5152
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5912
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3728
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5000

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:3224
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5032
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:2112
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3528

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1340
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2292
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:6116
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5228
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5188
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5340
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5904

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4536
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4540
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:1628
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:4112
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:5584
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5024
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:2800

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:900
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4292
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5604
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5520
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3812
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3356
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:1704

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:244
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:2520
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:3704
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:3732

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5252
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:456
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4536
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:5000
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:1324
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:4112
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:4116

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1132
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:3496
- - C:\Users\Admin\AppData\Roaming\Tase.exe
    C:\Users\Admin\AppData\Roaming\Tase.exe
    3⤵
    PID:5772
- - C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe
    "C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe"
    3⤵
    PID:5428

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\TeamViewer.exe
1⤵
PID:1812
- C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  C:\Users\Admin\AppData\Roaming\TeamViewer.exe
  2⤵
  PID:4580

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4764_1246567356\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4764_1246567356\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4764_125338700\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4764_609313350\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\MmPSMVcYo.exe.log

Filesize
20B

MD5
b3ac9d09e3a47d5fd00c37e075a70ecb

SHA1
ad14e6d0e07b00bd10d77a06d68841b20675680b

SHA256
7a23c6e7ccd8811ecdf038d3a89d5c7d68ed37324bae2d4954125d9128fa9432

SHA512
09b609ee1061205aa45b3c954efc6c1a03c8fd6b3011ff88cf2c060e19b1d7fd51ee0cb9d02a39310125f3a66aa0146261bdee3d804f472034df711bc942e316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\TeamViewer.exe.log

Filesize
128B

MD5
a5dcc7c9c08af7dddd82be5b036a4416

SHA1
4f998ca1526d199e355ffb435bae111a2779b994

SHA256
e24033ceec97fd03402b03acaaabd1d1e378e83bb1683afbccac760e00f8ead5

SHA512
56035de734836c0c39f0b48641c51c26adb6e79c6c65e23ca96603f71c95b8673e2ef853146e87efc899dd1878d0bbc2c82d91fbf0fce81c552048e986f9bb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2024.12.2\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
991dd8fbe9a0cd6dc3637646bc73b6fe

SHA1
cd33a4c3c2cea06b41e5388826af365691769de4

SHA256
7e873150a039c5eda07ab3768e2b49127c3f824319d28909fe07f31d6f3119a4

SHA512
b8c1dbb54394674bb88fd7cf368214885e0c328e51651ee8f412aa1ab85151582c70189a292e24d551a8144de29f82e8e9b51ca5a695d33dc0e3326a78d05263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
270KB

MD5
60f64db289e7076c183195a5b35c179c

SHA1
92ed81876bffeda07b81d266cf48735ab3265419

SHA256
cd594cff36c1f00800b4cb0684dab26bc2f442c9302d9e0a7c5cec17fbd1236c

SHA512
3b00b9045c7a70f663d4fac6cf50f0c24b7f5c544f7474512f17877b39021573585fae35eca8fa1c2f157a5080d294437a1261a2afe3ca20b02318077a7e2c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ce24a3c6092098a34877e6f9e400263a

SHA1
91ea03e18dc549a7a35ce50cacdea7495a93f6b9

SHA256
b30c85b089711973f7a4a0a6814eb3451c02143347645bd45060a00f3d0323d8

SHA512
97a0066f3250efec76f714d57f021c33b21ac340d1a064f0d59a11dd1fd4c82061256262f0ec8733791afc289ae97f002a313df2ae66cd9f13b70f765ec18c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe581122.TMP

Filesize
2KB

MD5
7deec6a5ec4a36649ef7455737cfe23b

SHA1
0b26245557000d9c6533acca3597ec11fe3748f0

SHA256
92c2291d29edaa24dc25e9b38d9858e5acdc930c4ff8b566fd1bcc021b6722a8

SHA512
5d08e92c4b522b02c04bf78493ce78aaa4e165fbb32d32ba307a6074fc77ba8b4d5c2b459f8abb3a6383cca326fbedceb604944039f5be600210563f258619c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e17356fafb119d8d81681e273ec8e90b

SHA1
f8d0f5ee62c36deeffd9864b8329c87a10435fdc

SHA256
2d1d0efed46b91c58b49cd79e40f2631b84ea3d6e0404e7c42f61e3e43debb8f

SHA512
935326d0cd899f1f0357741889604eeeb342bd775bde7edf3e27b9223189c335686935ce18f40c96e4a8778be8bb2c71f6038958fe7b41045d9fccba8d1f7e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
e9118f516392836af3e01f8431ce5391

SHA1
8dd896d4f81d4ce7d580f59983a4caef58984253

SHA256
a611b3a84fd32699a5ce0cea78fea995f43fe09c1a1e93d04cc65f1be0d66cbe

SHA512
b801e47714789332bf3da61c24dadce035a2fc1339b49ab63f99b9c6e7247e4bc2111b68f42a7c09fc9a39ed836b3c95296f79668dcfbf3f7f8219c548034b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
b43750f3247ad14c254f1d257d7f2735

SHA1
ca706d6299cce75ac4c5e5d917f149b495a73cdf

SHA256
bcb2e9656ed83a66cfb2a0364a92b6c8eb829bf37bb200aad29252f47ebb13b9

SHA512
a917463a3273592ec407a47e2eb1aa772f615cbf1cffe6f0a0d32015e931c37415e4527ef3f31258813a11375bc069def25a972851aa23472baf1edb82ddc13d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
0b9fbec8734421f90493d6c2717ef66d

SHA1
3a62163a806e9fe8ab853471b32c872f4a98d10f

SHA256
0a822b0c28546d61ffac599ec15d86b0cb052eefb5efa511186984fb8ac08c7f

SHA512
861657a98c32a58fe5d087a6b470552b26c650e6a0403383b52d97ed1d5658d562092f391bbf077c24df58264311a797cc33a791a4615e262bf0c9e1d44ce9af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
caab26eeebc95081d3e81c040d29bf92

SHA1
d81b14bae5d0d606d32e81992ade4cb4241a91e8

SHA256
65042d1de62f030286f6b97ca7b7b3472f593e20dd435a07a9c93f6a73917410

SHA512
788837b65644e6aa40eb46b6186aee18601ed8343516a2c174f9603c3a5699af5dbae19aea89ab439c0e2ee8973b5489bba2eb2703c7246f2febd490fbd32e89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
956c7b4a10ac111d5cd21db44cf48174

SHA1
80088657843879776836f0de16773e9c72b2f8c2

SHA256
6dd8d993d7ab70d236f905281ef68625108bd0408407f0ce494ddf46d3e7d174

SHA512
6a9d98652846beefd6ecb095e773842685f0ed84df31481bd9d8af23e3f494e036129396a30266c1d03213f07b3df081412fb2422804e7a4b4876310887c9004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
188079eeade3d75d03fa16d13922550f

SHA1
0e3c3108daa0d02d99214c8c74e12f89a6d3196e

SHA256
3571b7a28ca3814255ced3aed3b6e879c6204a0ed50565aa854c291abede2c8c

SHA512
2b8a8e7f213dd4e021c11d376c32b9990f012756ce48a33a670b2d7b2935e3316147628dc6f851646f6b976a20d80d476117f51144bfefd8d8302a1138d7eb12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
898B

MD5
dcb35e78d9adbfa877ae59aa43acc2e0

SHA1
741eed530b5d04e17a7cdf9d91182d8d3454e5b8

SHA256
fcabfd22b71b34aa6a93ea63e1542afc237880215b486b0488875f6c2ef16137

SHA512
57f5e8111c438e00141090069aef3a52c158114a3118e423f9cf9872eb5512785fd1b2f5847aa539f088ef89bc2d6883e77f7e397b979b1834ae3af3fb1ce6f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
342d554e6f8cf78253858e6d48eb5c05

SHA1
66058de26256d7d36de92bc77a0fa25eda9b977f

SHA256
16f689912bc4fa86776f4c2a0ad5cdf9e6ab35ac395fb6db02173d55db6ed9bb

SHA512
0fd1512502a4898ed297d1f89ad183be27e684036708612d3e09f4172def86d0305a78742cde672e90be9483d4a16d86b3d6137c71485b76b339db707fa0243a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
8fe1018540bab9b1f4338a2138b0a539

SHA1
9bd682408b9ef00accdcd86941b0f9b4e0b8c902

SHA256
299b73aa747984a2029a1cf16d1468d7852de4fb7f64393db478ba210b3dd8b2

SHA512
b16ababd3cfeb07133a34ace34154d18c8d78671161ea6bdd1e187285d9ee68a1daf504d5a2bfe66dd9823b4edf3b96796868d37cf68992289d22fd245b02120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
2ffca5424e438658a86bf8366566cdca

SHA1
f07ef581a1a0a67520d3bd5ba8ca85ecdbd3eade

SHA256
e15b50b66be68d8667caf4f1dfbeb3a0ade509efcfff0ee78ac0ba29a441c902

SHA512
61bea7950b8638c98c6835f31175847eea8adfe87d627af20f1f24c5ce2ef99aa8cb3e769af27c133856ce090032b8447ae9710e49ed4fda291ecb269ea4f1ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
53KB

MD5
8c24f9288a22fbc83317e631f37922ba

SHA1
bf46312ef84d7181a36566f6f36bd2219b8c6fbb

SHA256
c3901f96c118625ebcb30de8e9aa3e88f6bfb5f65319b9924bdb5f4c5d39b779

SHA512
1abd4f5a2081481af2754715d0dfcef6b35266346767029c19d6bb1c3cd9166c9e6a5d138775fd98dfebbbd03e7314b7721caa2d05d4bc4cdc8eec9724fc8cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
535c2209879ee4f11e37865fc63bd017

SHA1
92de1a63b2b27b85f0f4ed4945e65e2625eb5483

SHA256
e358564c1bd1807deca4d663b02aae32944739cd535fad4db970548d7d3f74c7

SHA512
781100e887c8ee88f948d46e34435923874d6f2df5f7e089da9bebcdcc400366ca6e2572f454b3eccce684765ec912a31481e7fee851113c121e541f8106f4ba

Download Submit
C:\Users\Admin\AppData\Roaming\MmPSMVcYo.exe

Filesize
4KB

MD5
9950d519690b00bcc5dd281b08cf6ad7

SHA1
07c5adfbabdfc7fbaebc9bab177cc4bdca87595d

SHA256
f39ed513702397450a0c13ff423459561c9946aaa3fdad746ab3ed9e72782a5e

SHA512
443fe0cfe93fdf0c8b45d260c474f183a15cc468fcd4dbf458d396acbeb435393fdeceec227290edef97917fce7afc2c32a8bc9ffff864be312c28b6c574468b

Download Submit
C:\Users\Admin\AppData\Roaming\Tase.exe

Filesize
1KB

MD5
56fdff8b5d2d255f16e144e64c75a6d2

SHA1
eb97c3f04898f1de3df4e07d773a97e43ed818c2

SHA256
a7d1c0721198d92da90f890db26c996b7c33a5c22b812f62cc4eb68a5ff4f375

SHA512
65f9956973a48d3d5151e9718b64c6b370b4b0bd05d48cb66627e04c865d81378fb5ae6b07581400a13b20723c6146b847e1e8fc17087e603f4980cb50cd5fc3

Download Submit
C:\Users\Admin\AppData\Roaming\TeamViewer.exe

Filesize
1.0MB

MD5
bb23e0f33180784f3f718c06fd3060fa

SHA1
508c944fb1bf162e6c383e484d4dd3e47543e9e1

SHA256
e4cb72424561e0c4f9ce2ae8966d56e2fbb08936932818a4c087a0ecac9aed8d

SHA512
8916f83162b57835aeee4819c093b20750da177316c3f21047214b439dba9b812f5097706bee27abb84d8a669159ab20f0d01e813dc3540a2cb3ab589cb28daa

Download Submit
memory/1684-390-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2344-302-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2820-176-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2832-338-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2912-108-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/3040-475-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/3720-31-0x0000000074710000-0x0000000074CC1000-memory.dmp

Filesize
5.7MB

Download
memory/3720-0-0x0000000074712000-0x0000000074713000-memory.dmp

Filesize
4KB

Download
memory/3720-2-0x0000000074710000-0x0000000074CC1000-memory.dmp

Filesize
5.7MB

Download
memory/3720-1-0x0000000074710000-0x0000000074CC1000-memory.dmp

Filesize
5.7MB

Download
memory/4228-125-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/4276-319-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/4400-142-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/4516-159-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/4676-13-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/4676-6-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/4676-11-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/4676-23-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/4676-21-0x0000000002070000-0x0000000002071000-memory.dmp

Filesize
4KB

Download
memory/4676-10-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/5236-462-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/5776-461-0x0000000074710000-0x0000000074CC1000-memory.dmp

Filesize
5.7MB

Download
memory/5776-27-0x0000000074712000-0x0000000074713000-memory.dmp

Filesize
4KB

Download
memory/5776-29-0x0000000074710000-0x0000000074CC1000-memory.dmp

Filesize
5.7MB

Download
memory/5784-257-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/5860-88-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/5928-285-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads