Analysis
-
max time kernel
30s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20250313-en -
resource tags
arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system -
submitted
18/04/2025, 14:03
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe
Resource
win10v2004-20250313-en
Behavioral task
behavioral2
Sample
JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe
Resource
win11-20250410-en
General
-
Target
JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe
-
Size
314KB
-
MD5
be5dbf9ab1a88104a95f8cc17a9642b3
-
SHA1
763db9b2eb00cd1081e27b378d71af89814df232
-
SHA256
8289f1c5a6c0c0235ad20c132054ac1bfc147c4ca4acecf47cf357000e2e7978
-
SHA512
d769cb215c9dd18836b93e1777cb3bdcba3aca6de3ef3661d35f206740ccd2c8d17b040f16ebfd4e2e4848eee3d00eeae08fb33b667f1ab90d5b5c858bbca10f
-
SSDEEP
6144:FbK4ZGRxA2CWBAycsoui1NBXU2sh4dXOHuVt2GuhhzRq4K5RN:dK/xLIIou4TXFQHuSptHK3N
Malware Config
Extracted
latentbot
magicalmage.zapto.org
1magicalmage.zapto.org
2magicalmage.zapto.org
3magicalmage.zapto.org
4magicalmage.zapto.org
5magicalmage.zapto.org
6magicalmage.zapto.org
7magicalmage.zapto.org
8magicalmage.zapto.org
Signatures
-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload 17 IoCs
resource yara_rule behavioral1/memory/4432-7-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/4432-6-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/5856-24-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/3036-31-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/4888-67-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/4936-62-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/812-76-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/400-85-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/540-121-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/5748-138-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/4432-496-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/2488-137-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/780-116-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/5896-103-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/1756-95-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/4548-49-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/4708-44-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades -
Latentbot family
-
Modifies firewall policy service 3 TTPs 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile reg.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe:*:Enabled:Windows Messanger" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications reg.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile reg.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List reg.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\N1DJXZ7Y55.exe = "C:\\Users\\Admin\\AppData\\Roaming\\N1DJXZ7Y55.exe:*:Enabled:Windows Messanger" reg.exe -
Blocklisted process makes network request 1 IoCs
flow pid Process 20 3176 Process not Found -
Executes dropped EXE 64 IoCs
pid Process 5852 WindowsTM.exe 4432 WindowsTM.exe 2940 WindowsTM.exe 5856 WindowsTM.exe 2000 WindowsTM.exe 3036 WindowsTM.exe 4696 WindowsTM.exe 4784 WindowsTM.exe 4708 WindowsTM.exe 4548 WindowsTM.exe 2432 WindowsTM.exe 5780 WindowsTM.exe 4936 WindowsTM.exe 4888 WindowsTM.exe 2460 WindowsTM.exe 812 WindowsTM.exe 5940 WindowsTM.exe 400 WindowsTM.exe 4328 WindowsTM.exe 1756 WindowsTM.exe 1232 WindowsTM.exe 5896 WindowsTM.exe 1476 WindowsTM.exe 4848 WindowsTM.exe 780 WindowsTM.exe 540 WindowsTM.exe 1396 WindowsTM.exe 1192 WindowsTM.exe 2488 WindowsTM.exe 5748 WindowsTM.exe 1636 WindowsTM.exe 5204 WindowsTM.exe 5592 WindowsTM.exe 5040 WindowsTM.exe 5932 WindowsTM.exe 1528 WindowsTM.exe 5912 WindowsTM.exe 392 WindowsTM.exe 5148 WindowsTM.exe 5852 WindowsTM.exe 4116 WindowsTM.exe 2916 WindowsTM.exe 4316 WindowsTM.exe 5288 WindowsTM.exe 4716 WindowsTM.exe 5004 WindowsTM.exe 4780 WindowsTM.exe 860 WindowsTM.exe 5636 WindowsTM.exe 5876 WindowsTM.exe 5648 WindowsTM.exe 4800 WindowsTM.exe 4544 WindowsTM.exe 1964 WindowsTM.exe 2540 WindowsTM.exe 3880 WindowsTM.exe 4912 WindowsTM.exe 4488 WindowsTM.exe 4328 WindowsTM.exe 3684 WindowsTM.exe 472 WindowsTM.exe 1464 WindowsTM.exe 4252 WindowsTM.exe 5032 WindowsTM.exe -
Adds Run key to start application 2 TTPs 64 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe -
Suspicious use of SetThreadContext 64 IoCs
description pid Process procid_target PID 5852 set thread context of 4432 5852 WindowsTM.exe 88 PID 2940 set thread context of 5856 2940 WindowsTM.exe 92 PID 2000 set thread context of 3036 2000 WindowsTM.exe 104 PID 4696 set thread context of 4708 4696 WindowsTM.exe 114 PID 4784 set thread context of 4548 4784 WindowsTM.exe 115 PID 2432 set thread context of 4936 2432 WindowsTM.exe 122 PID 5780 set thread context of 4888 5780 WindowsTM.exe 124 PID 2460 set thread context of 812 2460 WindowsTM.exe 129 PID 5940 set thread context of 400 5940 WindowsTM.exe 133 PID 4328 set thread context of 1756 4328 WindowsTM.exe 137 PID 1232 set thread context of 5896 1232 WindowsTM.exe 141 PID 1476 set thread context of 780 1476 WindowsTM.exe 146 PID 4848 set thread context of 540 4848 WindowsTM.exe 149 PID 1396 set thread context of 2488 1396 WindowsTM.exe 154 PID 1192 set thread context of 5748 1192 WindowsTM.exe 155 PID 1636 set thread context of 5592 1636 WindowsTM.exe 162 PID 5204 set thread context of 5040 5204 WindowsTM.exe 163 PID 5932 set thread context of 5912 5932 WindowsTM.exe 170 PID 1528 set thread context of 392 1528 WindowsTM.exe 171 PID 5148 set thread context of 2916 5148 WindowsTM.exe 178 PID 5852 set thread context of 4116 5852 WindowsTM.exe 179 PID 5288 set thread context of 4716 5288 WindowsTM.exe 186 PID 4316 set thread context of 5004 4316 WindowsTM.exe 1138 PID 4780 set thread context of 5636 4780 WindowsTM.exe 194 PID 860 set thread context of 5876 860 WindowsTM.exe 195 PID 4800 set thread context of 4544 4800 WindowsTM.exe 202 PID 5648 set thread context of 1964 5648 WindowsTM.exe 203 PID 2540 set thread context of 4912 2540 WindowsTM.exe 211 PID 3880 set thread context of 4488 3880 WindowsTM.exe 212 PID 3684 set thread context of 472 3684 WindowsTM.exe 818 PID 4328 set thread context of 1464 4328 WindowsTM.exe 220 PID 4252 set thread context of 4044 4252 WindowsTM.exe 227 PID 5032 set thread context of 4712 5032 WindowsTM.exe 228 PID 2480 set thread context of 2496 2480 WindowsTM.exe 235 PID 2312 set thread context of 5364 2312 WindowsTM.exe 236 PID 1636 set thread context of 1212 1636 WindowsTM.exe 243 PID 916 set thread context of 5384 916 WindowsTM.exe 244 PID 2184 set thread context of 3208 2184 WindowsTM.exe 251 PID 1488 set thread context of 1904 1488 WindowsTM.exe 252 PID 2100 set thread context of 4268 2100 WindowsTM.exe 259 PID 2212 set thread context of 3196 2212 WindowsTM.exe 260 PID 5668 set thread context of 4664 5668 WindowsTM.exe 267 PID 4036 set thread context of 5124 4036 WindowsTM.exe 1158 PID 2128 set thread context of 3028 2128 WindowsTM.exe 275 PID 3184 set thread context of 4780 3184 WindowsTM.exe 192 PID 2856 set thread context of 4932 2856 WindowsTM.exe 283 PID 5792 set thread context of 4184 5792 WindowsTM.exe 284 PID 4952 set thread context of 4972 4952 WindowsTM.exe 291 PID 4808 set thread context of 3880 4808 WindowsTM.exe 210 PID 2052 set thread context of 3316 2052 WindowsTM.exe 298 PID 2320 set thread context of 3708 2320 WindowsTM.exe 302 PID 3596 set thread context of 6136 3596 WindowsTM.exe 214 PID 3528 set thread context of 6048 3528 WindowsTM.exe 308 PID 3432 set thread context of 2168 3432 WindowsTM.exe 315 PID 2956 set thread context of 1520 2956 WindowsTM.exe 221 PID 5084 set thread context of 1168 5084 WindowsTM.exe 229 PID 2332 set thread context of 4904 2332 WindowsTM.exe 412 PID 5224 set thread context of 5836 5224 WindowsTM.exe 1786 PID 2176 set thread context of 5508 2176 WindowsTM.exe 332 PID 1688 set thread context of 1784 1688 WindowsTM.exe 339 PID 1000 set thread context of 3980 1000 WindowsTM.exe 340 PID 5392 set thread context of 6060 5392 WindowsTM.exe 347 PID 5180 set thread context of 6084 5180 WindowsTM.exe 166 PID 5388 set thread context of 4392 5388 WindowsTM.exe 355 -
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe -
Modifies registry key 1 TTPs 4 IoCs
pid Process 4628 reg.exe 4792 reg.exe 4772 reg.exe 4776 reg.exe -
Suspicious use of AdjustPrivilegeToken 35 IoCs
description pid Process Token: 1 4432 WindowsTM.exe Token: SeCreateTokenPrivilege 4432 WindowsTM.exe Token: SeAssignPrimaryTokenPrivilege 4432 WindowsTM.exe Token: SeLockMemoryPrivilege 4432 WindowsTM.exe Token: SeIncreaseQuotaPrivilege 4432 WindowsTM.exe Token: SeMachineAccountPrivilege 4432 WindowsTM.exe Token: SeTcbPrivilege 4432 WindowsTM.exe Token: SeSecurityPrivilege 4432 WindowsTM.exe Token: SeTakeOwnershipPrivilege 4432 WindowsTM.exe Token: SeLoadDriverPrivilege 4432 WindowsTM.exe Token: SeSystemProfilePrivilege 4432 WindowsTM.exe Token: SeSystemtimePrivilege 4432 WindowsTM.exe Token: SeProfSingleProcessPrivilege 4432 WindowsTM.exe Token: SeIncBasePriorityPrivilege 4432 WindowsTM.exe Token: SeCreatePagefilePrivilege 4432 WindowsTM.exe Token: SeCreatePermanentPrivilege 4432 WindowsTM.exe Token: SeBackupPrivilege 4432 WindowsTM.exe Token: SeRestorePrivilege 4432 WindowsTM.exe Token: SeShutdownPrivilege 4432 WindowsTM.exe Token: SeDebugPrivilege 4432 WindowsTM.exe Token: SeAuditPrivilege 4432 WindowsTM.exe Token: SeSystemEnvironmentPrivilege 4432 WindowsTM.exe Token: SeChangeNotifyPrivilege 4432 WindowsTM.exe Token: SeRemoteShutdownPrivilege 4432 WindowsTM.exe Token: SeUndockPrivilege 4432 WindowsTM.exe Token: SeSyncAgentPrivilege 4432 WindowsTM.exe Token: SeEnableDelegationPrivilege 4432 WindowsTM.exe Token: SeManageVolumePrivilege 4432 WindowsTM.exe Token: SeImpersonatePrivilege 4432 WindowsTM.exe Token: SeCreateGlobalPrivilege 4432 WindowsTM.exe Token: 31 4432 WindowsTM.exe Token: 32 4432 WindowsTM.exe Token: 33 4432 WindowsTM.exe Token: 34 4432 WindowsTM.exe Token: 35 4432 WindowsTM.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 4432 WindowsTM.exe 4432 WindowsTM.exe 4432 WindowsTM.exe 5856 WindowsTM.exe 5856 WindowsTM.exe 3036 WindowsTM.exe 3036 WindowsTM.exe 4708 WindowsTM.exe 4708 WindowsTM.exe 4548 WindowsTM.exe 4548 WindowsTM.exe 4936 WindowsTM.exe 4936 WindowsTM.exe 4888 WindowsTM.exe 4888 WindowsTM.exe 812 WindowsTM.exe 812 WindowsTM.exe 400 WindowsTM.exe 400 WindowsTM.exe 1756 WindowsTM.exe 1756 WindowsTM.exe 5896 WindowsTM.exe 5896 WindowsTM.exe 780 WindowsTM.exe 780 WindowsTM.exe 540 WindowsTM.exe 540 WindowsTM.exe 2488 WindowsTM.exe 2488 WindowsTM.exe 5748 WindowsTM.exe 5748 WindowsTM.exe 5592 WindowsTM.exe 5592 WindowsTM.exe 5040 WindowsTM.exe 5040 WindowsTM.exe 5912 WindowsTM.exe 392 WindowsTM.exe 5912 WindowsTM.exe 392 WindowsTM.exe 4116 WindowsTM.exe 4116 WindowsTM.exe 2916 WindowsTM.exe 2916 WindowsTM.exe 4716 WindowsTM.exe 4716 WindowsTM.exe 5004 WindowsTM.exe 5004 WindowsTM.exe 5876 WindowsTM.exe 5876 WindowsTM.exe 5636 WindowsTM.exe 5636 WindowsTM.exe 1964 WindowsTM.exe 4544 WindowsTM.exe 1964 WindowsTM.exe 4544 WindowsTM.exe 4912 WindowsTM.exe 4912 WindowsTM.exe 4488 WindowsTM.exe 4488 WindowsTM.exe 472 WindowsTM.exe 1464 WindowsTM.exe 472 WindowsTM.exe 1464 WindowsTM.exe 4044 WindowsTM.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 5880 wrote to memory of 5852 5880 JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe 177 PID 5880 wrote to memory of 5852 5880 JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe 177 PID 5880 wrote to memory of 5852 5880 JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe 177 PID 5852 wrote to memory of 4432 5852 WindowsTM.exe 88 PID 5852 wrote to memory of 4432 5852 WindowsTM.exe 88 PID 5852 wrote to memory of 4432 5852 WindowsTM.exe 88 PID 5852 wrote to memory of 4432 5852 WindowsTM.exe 88 PID 5852 wrote to memory of 4432 5852 WindowsTM.exe 88 PID 5852 wrote to memory of 4432 5852 WindowsTM.exe 88 PID 5852 wrote to memory of 4432 5852 WindowsTM.exe 88 PID 5852 wrote to memory of 4432 5852 WindowsTM.exe 88 PID 3092 wrote to memory of 2940 3092 cmd.exe 180 PID 3092 wrote to memory of 2940 3092 cmd.exe 180 PID 3092 wrote to memory of 2940 3092 cmd.exe 180 PID 2940 wrote to memory of 5856 2940 WindowsTM.exe 92 PID 2940 wrote to memory of 5856 2940 WindowsTM.exe 92 PID 2940 wrote to memory of 5856 2940 WindowsTM.exe 92 PID 2940 wrote to memory of 5856 2940 WindowsTM.exe 92 PID 2940 wrote to memory of 5856 2940 WindowsTM.exe 92 PID 2940 wrote to memory of 5856 2940 WindowsTM.exe 92 PID 2940 wrote to memory of 5856 2940 WindowsTM.exe 92 PID 2940 wrote to memory of 5856 2940 WindowsTM.exe 92 PID 4432 wrote to memory of 5736 4432 WindowsTM.exe 93 PID 4432 wrote to memory of 5736 4432 WindowsTM.exe 93 PID 4432 wrote to memory of 5736 4432 WindowsTM.exe 93 PID 4432 wrote to memory of 4356 4432 WindowsTM.exe 94 PID 4432 wrote to memory of 4356 4432 WindowsTM.exe 94 PID 4432 wrote to memory of 4356 4432 WindowsTM.exe 94 PID 4432 wrote to memory of 4368 4432 WindowsTM.exe 466 PID 4432 wrote to memory of 4368 4432 WindowsTM.exe 466 PID 4432 wrote to memory of 4368 4432 WindowsTM.exe 466 PID 4432 wrote to memory of 2500 4432 WindowsTM.exe 96 PID 4432 wrote to memory of 2500 4432 WindowsTM.exe 96 PID 4432 wrote to memory of 2500 4432 WindowsTM.exe 96 PID 5184 wrote to memory of 2000 5184 cmd.exe 103 PID 5184 wrote to memory of 2000 5184 cmd.exe 103 PID 5184 wrote to memory of 2000 5184 cmd.exe 103 PID 2000 wrote to memory of 3036 2000 WindowsTM.exe 104 PID 2000 wrote to memory of 3036 2000 WindowsTM.exe 104 PID 2000 wrote to memory of 3036 2000 WindowsTM.exe 104 PID 2000 wrote to memory of 3036 2000 WindowsTM.exe 104 PID 2000 wrote to memory of 3036 2000 WindowsTM.exe 104 PID 2000 wrote to memory of 3036 2000 WindowsTM.exe 104 PID 2000 wrote to memory of 3036 2000 WindowsTM.exe 104 PID 2000 wrote to memory of 3036 2000 WindowsTM.exe 104 PID 4356 wrote to memory of 4628 4356 cmd.exe 191 PID 4356 wrote to memory of 4628 4356 cmd.exe 191 PID 4356 wrote to memory of 4628 4356 cmd.exe 191 PID 2692 wrote to memory of 4696 2692 cmd.exe 109 PID 2692 wrote to memory of 4696 2692 cmd.exe 109 PID 2692 wrote to memory of 4696 2692 cmd.exe 109 PID 2300 wrote to memory of 4784 2300 cmd.exe 110 PID 2300 wrote to memory of 4784 2300 cmd.exe 110 PID 2300 wrote to memory of 4784 2300 cmd.exe 110 PID 2500 wrote to memory of 4776 2500 cmd.exe 111 PID 2500 wrote to memory of 4776 2500 cmd.exe 111 PID 2500 wrote to memory of 4776 2500 cmd.exe 111 PID 5736 wrote to memory of 4772 5736 cmd.exe 112 PID 5736 wrote to memory of 4772 5736 cmd.exe 112 PID 5736 wrote to memory of 4772 5736 cmd.exe 112 PID 4368 wrote to memory of 4792 4368 cmd.exe 683 PID 4368 wrote to memory of 4792 4368 cmd.exe 683 PID 4368 wrote to memory of 4792 4368 cmd.exe 683 PID 4696 wrote to memory of 4708 4696 WindowsTM.exe 114
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:5880 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:5852 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4432 -
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f4⤵
- Suspicious use of WriteProcessMemory
PID:5736 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f5⤵
- Modifies firewall policy service
- Modifies registry key
PID:4772
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe:*:Enabled:Windows Messanger" /f4⤵
- Suspicious use of WriteProcessMemory
PID:4356 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe:*:Enabled:Windows Messanger" /f5⤵
- Modifies firewall policy service
- Modifies registry key
PID:4628
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f4⤵
- Suspicious use of WriteProcessMemory
PID:4368 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f5⤵
- Modifies firewall policy service
- Modifies registry key
PID:4792
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\N1DJXZ7Y55.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\N1DJXZ7Y55.exe:*:Enabled:Windows Messanger" /f4⤵
- Suspicious use of WriteProcessMemory
PID:2500 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\N1DJXZ7Y55.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\N1DJXZ7Y55.exe:*:Enabled:Windows Messanger" /f5⤵
- Modifies firewall policy service
- Modifies registry key
PID:4776
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵
- Suspicious use of WriteProcessMemory
PID:3092 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2940 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5856
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵
- Suspicious use of WriteProcessMemory
PID:5184 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2000 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵
- Suspicious use of WriteProcessMemory
PID:2692 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4696 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4708
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵
- Suspicious use of WriteProcessMemory
PID:2300 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4784 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4548
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4576
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:2432 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4936
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2004
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5780 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4888
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4872
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2460 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:812
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1984
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5940 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:400
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1472
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4328 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2492
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1232 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5896
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2528
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1476 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4156
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:4848 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:540
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2176
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵PID:2428
-
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:1396 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1052
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵PID:1760
-
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1192 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5748
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3664
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1636 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5592
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2656
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:5204 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5040
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5264
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:5932 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5912
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6084
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:1528 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:392
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1376
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5852 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4116
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3480
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:5148 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2940
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:5288 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4716
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:764
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4316 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5004
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3612
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵PID:4628
-
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:860 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5876
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5228
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:4780 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5636
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4512
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5648 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1964
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5756
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4800 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4544
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6076
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2540 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4912
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4924
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3880 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4488
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4172
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:4328 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1464
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6136
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3684 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:472
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1520
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5032 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4712
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5540
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4252 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Suspicious use of SetWindowsHookEx
PID:4044
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1168
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:2480 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:2496
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2332
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:2312 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5364
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:556
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:1636 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1212
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2800
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:916 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:5384
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6140
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:2184 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3208
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2700
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:1488 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1904
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1660
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:2212 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3196
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2932
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2100 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4268
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4852
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:5668 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4664
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:884
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4036 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:5124
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1600
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3184 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4780
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3092
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:2128 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3028
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:860
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:2856 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4932
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5832
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:5792 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4184
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4568
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:4952 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4972
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4940
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4808 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3880
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3464
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:2320 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3708
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4832
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2052 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3316
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4020
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:3596 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6136
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4920
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:3528 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:6048
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:316
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:2956 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:1520
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2140
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:3432 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2168
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1192
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:5084 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:1168
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2480
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:2332 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4904
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3664
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:2176 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5508
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5268
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:5224 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5836
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2136
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:1000 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3980
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4824
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1688 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1784
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:708
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:5392 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6060
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5852
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:5180 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6084
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2380
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Suspicious use of SetThreadContext
PID:5388 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4392
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5900
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:5812 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2592
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3068
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2920
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4624
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1012
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:3092 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:3524
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3300
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4700
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:2992
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3176
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- System Location Discovery: System Language Discovery
PID:4576 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6052
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2024
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4520
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4256
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1308
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:2012 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:1128
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4764
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4832
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2648
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1484
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4760
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5536
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4816
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:5192 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:632
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4732
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3676
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3556
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2472
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:536
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1468
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4820
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:2516 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:1760
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5656
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:32
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1396
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1848
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:744
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4904
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4092
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:3468 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5132
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2800
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4236
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3664
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1980
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:5872 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:3196
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4344
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:5260 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3584
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4696
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5692
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:708
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5608
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5368
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4428
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5488
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:4776 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2856
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5388
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:100 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4220
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2620
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:1616 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4524
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3160
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1920
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4576
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:60
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3612
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4720
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4620
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵PID:1680
-
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1800
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1132
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3616
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:2052 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5940
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3624
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵PID:4368
-
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2460
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:2952
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4832
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- System Location Discovery: System Language Discovery
PID:4224 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:2428
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4028
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4920
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:388
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:536
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2516
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:836
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- System Location Discovery: System Language Discovery
PID:3304 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5464
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2884
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:5548 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1332
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3476
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:2736 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5760
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5084
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:6124 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4072
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3468
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3856
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1376
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5600
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:2100 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:5136
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1348
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:5852 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1776
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4492
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:3644 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:764
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1532
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3092
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4536
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3096
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- System Location Discovery: System Language Discovery
PID:4476 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4512
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4108
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:1912 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:452
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4684
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3176
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3612
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1732
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5408
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1680
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2004
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2456
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2052
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4892
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2492
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2460
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1928
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:1340 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1984
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4860
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:1880 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3704
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2540
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3268
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4464
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1064
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2288
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3596
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3580
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:4468 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:748
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3724
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:1068 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5888
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:752
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1636
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3168
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1260
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2452
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:5588
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5948
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3784
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1660
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5264
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:2324 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:4428
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4532
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5568
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2256
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:552
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5228
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6132
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4908
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵PID:1912
-
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2920
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3848
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2384
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3096
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6076
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2252
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1732
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3064
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:560
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4692
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5004
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2704
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2004
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4896
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2024
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:1196 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2052
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3464
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1764
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2416
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4832
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:6028
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4872
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6044
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3668
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4464
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4996
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:444
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:1896
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3744
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5308
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5268
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1068
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1916
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:388
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5396
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:752
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5588
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1480
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵PID:5852
-
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- System Location Discovery: System Language Discovery
PID:5740 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:3200
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1568
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5060
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4688
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3644
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5868
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4580
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3068
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:1800 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3096
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5096
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1600
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3760
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4624
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:1476 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:1872
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3700
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:2888 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3628
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2492
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4816
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4792
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4084
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- System Location Discovery: System Language Discovery
PID:4320 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5744
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2704
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5512
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:3988
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4872
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2392
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:468
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4348
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1472
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1420
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3552
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4000
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4468
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1204
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- System Location Discovery: System Language Discovery
PID:4648 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2236
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2736
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5928
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2912
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5068
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:4496 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4052
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:752
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:1592 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6072
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4704
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:860
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4316
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5228
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:3092 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6012
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2300
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5420
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1988
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3328
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5096
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1532
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3064
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1232
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:372
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1840
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3160
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3600
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2456
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2404
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3676
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4672
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:4224 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4892
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3304
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4872
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5756
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5512
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4028
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4732
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1472
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1636
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5840
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2424
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:6120 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5076
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1688
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2236
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:408
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5372
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3724
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:3940
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3784
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5948
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1568
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5048
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- System Location Discovery: System Language Discovery
PID:396 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4640
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5256
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4704
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4164
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:860
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:2620 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3068
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5096
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:3328 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3700
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4368
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- System Location Discovery: System Language Discovery
PID:4240 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:3752
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4620
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- System Location Discovery: System Language Discovery
PID:4764 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:5792
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4552
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1340
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6056
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3432
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:2320 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:5092
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5656
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4172
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:444
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3504
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5268
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:2192
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2212
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:472 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4840
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3920
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:744 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5204
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5552
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:2288 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4024
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3248
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5928
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3212
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4696
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:936
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1980
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1304
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:432
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1592
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1732
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:1908 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5288
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4476
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:5388 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3160
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1476
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2968
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2300
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2360
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1800
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2652
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2764
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵PID:5648
-
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2012
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:5196
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4656
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3576
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:840
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:628
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:1880 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2452
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2140
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:5800 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4948
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4592
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4144
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2332
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5268
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:3616 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3552
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3464
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:6016
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- System Location Discovery: System Language Discovery
PID:3124
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4496
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3580
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1384
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5888
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Adds Run key to start application
PID:5848 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4696
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1436
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5904
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1428
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2736
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2888
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3644
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2856
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵PID:5948
-
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4752
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4240
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5420
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5612
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6076
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2996
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4672
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4336
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1348
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2252
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4568
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5052
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2312
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5192
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4764
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:444
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4028
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2492
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2912
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4284
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4004
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5584
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5988
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4948
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5796
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5880
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2172
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5268
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1968
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3000
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:936
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4996
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4836
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1084
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5060
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2852
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2888
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1204
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1000
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5084
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1688
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2116
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2328
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3660
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3092
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1196
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3768
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3328
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1648
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2252
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5420
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3800
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4736
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3120
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2452
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5032
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5228
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:536
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1244
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4020
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2248
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1528
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4852
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1192
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4832
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5960
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2212
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4376
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1896
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3920
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4772
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1136
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5448
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4996
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2540
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5436
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1492
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4564
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3248
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4704
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4024
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5224
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5368
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2736
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1696
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6124
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3784
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3516
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4700
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5484
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5568
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5812
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5744
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4492
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1928
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2312
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4872
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2460
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4028
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2028
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4172
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6128
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2912
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:968
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6044
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2444
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2108
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4020
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1012
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4180
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2172
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5492
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5760
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5444
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2424
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4496
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3000
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4436
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2712
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1980
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4776
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5552
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5600
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3432
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4064
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3464
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2852
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4412
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1696
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1196
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4476
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5652
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5388
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4656
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4460
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1928
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4872
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2924
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵PID:5032
-
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3064
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5420
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5228
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4416
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2912
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2028
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5796
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1640
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4084
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5988
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6044
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1972
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2248
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4180
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2996
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2140
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1908
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5836
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:100
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4408
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4496
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1916
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4648
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6068
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4280
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2540
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5068
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5600
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1560
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3828
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5888
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3160
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2148
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4356
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5004
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5904
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5408
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1000
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5652
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:884
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5616
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4752
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4568
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4492
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3416
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2320
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4768
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4856
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2312
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3736
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵PID:5124
-
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:744
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1988
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1896
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5392
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1036
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1848
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3424
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6096
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2424
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5676
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1060
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4408
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:556
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3180
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1604
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4648
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2016
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2540
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1136
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5808
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4496
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4236
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3184
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1728
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4788
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5800
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4940
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2252
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4816
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4016
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4752
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5652
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3800
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2380
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5420
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4900
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1836
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1012
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5584
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4560
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6028
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3812
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4424
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4688
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2288
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5492
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3144
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3736
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5604
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:32
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2100
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:556
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4564
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1848
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1064
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2192
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4608
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3828
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4236
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4472
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2232
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1748
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5612
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5648
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5096
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1536
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2932
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4252
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:884
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5196
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2380
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:536
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2916
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1616
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4368
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1880
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2888
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5060
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2236
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6120
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5760
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:616
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1688
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5616
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5988
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2108
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5436
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:32
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5996
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3744
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1896
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5868
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2692
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1604
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1980
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4920
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1260
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1232
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1732
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5388
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4408
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3000
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5648
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2660
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3380
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2116
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5560
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4416
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4412
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2856
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3300
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4144
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1492
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4356
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5288
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3752
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:388
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5796
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1400
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4696
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5084
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:744
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1836
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4348
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5616
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4312
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3736
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:556
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1036
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2016
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5372
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3572
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1984
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2392
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5608
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1540
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5512
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3320
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5484
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4608
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:704
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2232
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5096
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5648
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2968
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2556
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5196
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4844
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3288
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5192
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:536
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2212
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2188
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3428
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2944
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2360
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵PID:4028
-
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:388
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4900
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4996
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4368
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3580
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5760
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1256
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2288
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2588
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1800
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5268
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3424
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:460
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2452
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:768
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4376
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1000
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:32
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1928
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1484
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4792
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵PID:4236
-
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3624
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3380
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5484
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5888
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1340
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:704
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1084
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1136
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5740
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4520
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4144
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3516
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4560
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1420
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2992
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1488
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5256
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5488
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2004
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5224
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:60
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵PID:5084
-
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4696
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3304
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3736
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5176
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:968
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5584
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5108
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5068
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3124
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1504
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5836
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:460
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5392
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5496
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4924
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1764
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4024
Network
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
314KB
MD5be5dbf9ab1a88104a95f8cc17a9642b3
SHA1763db9b2eb00cd1081e27b378d71af89814df232
SHA2568289f1c5a6c0c0235ad20c132054ac1bfc147c4ca4acecf47cf357000e2e7978
SHA512d769cb215c9dd18836b93e1777cb3bdcba3aca6de3ef3661d35f206740ccd2c8d17b040f16ebfd4e2e4848eee3d00eeae08fb33b667f1ab90d5b5c858bbca10f