Analysis
-
max time kernel
5s -
max time network
143s -
platform
windows11-21h2_x64 -
resource
win11-20250410-en -
resource tags
arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system -
submitted
18/04/2025, 14:03
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe
Resource
win10v2004-20250313-en
Behavioral task
behavioral2
Sample
JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe
Resource
win11-20250410-en
General
-
Target
JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe
-
Size
314KB
-
MD5
be5dbf9ab1a88104a95f8cc17a9642b3
-
SHA1
763db9b2eb00cd1081e27b378d71af89814df232
-
SHA256
8289f1c5a6c0c0235ad20c132054ac1bfc147c4ca4acecf47cf357000e2e7978
-
SHA512
d769cb215c9dd18836b93e1777cb3bdcba3aca6de3ef3661d35f206740ccd2c8d17b040f16ebfd4e2e4848eee3d00eeae08fb33b667f1ab90d5b5c858bbca10f
-
SSDEEP
6144:FbK4ZGRxA2CWBAycsoui1NBXU2sh4dXOHuVt2GuhhzRq4K5RN:dK/xLIIou4TXFQHuSptHK3N
Malware Config
Extracted
latentbot
magicalmage.zapto.org
1magicalmage.zapto.org
2magicalmage.zapto.org
3magicalmage.zapto.org
4magicalmage.zapto.org
5magicalmage.zapto.org
6magicalmage.zapto.org
7magicalmage.zapto.org
8magicalmage.zapto.org
Signatures
-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload 18 IoCs
resource yara_rule behavioral2/memory/4196-20-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/5060-36-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/3112-56-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/1560-74-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/5832-108-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/6140-127-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/4552-600-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/5892-146-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/3592-141-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/1692-126-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/5388-109-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/2568-91-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/5172-90-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/2180-70-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/5604-50-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/5100-37-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/4552-7-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral2/memory/4552-4-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades -
Latentbot family
-
Modifies firewall policy service 3 TTPs 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications reg.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe:*:Enabled:Windows Messanger" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile reg.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile reg.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\N1DJXZ7Y55.exe = "C:\\Users\\Admin\\AppData\\Roaming\\N1DJXZ7Y55.exe:*:Enabled:Windows Messanger" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile reg.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List reg.exe -
Executes dropped EXE 64 IoCs
pid Process 5772 WindowsTM.exe 4552 WindowsTM.exe 5652 WindowsTM.exe 4196 WindowsTM.exe 4912 WindowsTM.exe 5096 WindowsTM.exe 5100 WindowsTM.exe 5060 WindowsTM.exe 4416 WindowsTM.exe 2416 WindowsTM.exe 5604 WindowsTM.exe 3112 WindowsTM.exe 4352 WindowsTM.exe 3452 WindowsTM.exe 2180 WindowsTM.exe 1560 WindowsTM.exe 2236 WindowsTM.exe 2748 WindowsTM.exe 2568 WindowsTM.exe 5172 WindowsTM.exe 232 WindowsTM.exe 228 WindowsTM.exe 5832 WindowsTM.exe 5388 WindowsTM.exe 3200 WindowsTM.exe 4740 WindowsTM.exe 1692 WindowsTM.exe 6140 WindowsTM.exe 4172 WindowsTM.exe 4696 WindowsTM.exe 3592 WindowsTM.exe 5892 WindowsTM.exe 708 WindowsTM.exe 568 WindowsTM.exe 5436 WindowsTM.exe 4868 WindowsTM.exe 5864 WindowsTM.exe 5952 WindowsTM.exe 4504 WindowsTM.exe 3472 WindowsTM.exe 5232 WindowsTM.exe 3192 WindowsTM.exe 3228 WindowsTM.exe 3460 WindowsTM.exe 5580 WindowsTM.exe 4644 WindowsTM.exe 3840 WindowsTM.exe 5920 WindowsTM.exe 3104 WindowsTM.exe 5956 WindowsTM.exe 3300 WindowsTM.exe 4992 WindowsTM.exe 1484 WindowsTM.exe 5340 WindowsTM.exe 5192 WindowsTM.exe 5800 WindowsTM.exe 4512 WindowsTM.exe 5784 WindowsTM.exe 2888 WindowsTM.exe 4816 WindowsTM.exe 2228 WindowsTM.exe 1424 WindowsTM.exe 3360 WindowsTM.exe 4388 WindowsTM.exe -
Adds Run key to start application 2 TTPs 33 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\WindowsTM.exe" WindowsTM.exe -
Suspicious use of SetThreadContext 32 IoCs
description pid Process procid_target PID 5772 set thread context of 4552 5772 WindowsTM.exe 81 PID 5652 set thread context of 4196 5652 WindowsTM.exe 85 PID 4912 set thread context of 5100 4912 WindowsTM.exe 99 PID 5096 set thread context of 5060 5096 WindowsTM.exe 100 PID 4416 set thread context of 5604 4416 WindowsTM.exe 110 PID 2416 set thread context of 3112 2416 WindowsTM.exe 111 PID 3452 set thread context of 2180 3452 WindowsTM.exe 118 PID 4352 set thread context of 1560 4352 WindowsTM.exe 119 PID 2748 set thread context of 2568 2748 WindowsTM.exe 126 PID 2236 set thread context of 5172 2236 WindowsTM.exe 127 PID 232 set thread context of 5832 232 WindowsTM.exe 134 PID 228 set thread context of 5388 228 WindowsTM.exe 135 PID 3200 set thread context of 1692 3200 WindowsTM.exe 142 PID 4740 set thread context of 6140 4740 WindowsTM.exe 143 PID 4172 set thread context of 3592 4172 WindowsTM.exe 150 PID 4696 set thread context of 5892 4696 WindowsTM.exe 153 PID 708 set thread context of 5436 708 WindowsTM.exe 158 PID 568 set thread context of 4868 568 WindowsTM.exe 159 PID 5864 set thread context of 4504 5864 WindowsTM.exe 166 PID 5952 set thread context of 3472 5952 WindowsTM.exe 167 PID 5232 set thread context of 3228 5232 WindowsTM.exe 174 PID 3192 set thread context of 3460 3192 WindowsTM.exe 175 PID 5580 set thread context of 3840 5580 WindowsTM.exe 182 PID 4644 set thread context of 5920 4644 WindowsTM.exe 183 PID 3104 set thread context of 3300 3104 WindowsTM.exe 190 PID 5956 set thread context of 4992 5956 WindowsTM.exe 191 PID 1484 set thread context of 5192 1484 WindowsTM.exe 198 PID 5340 set thread context of 5800 5340 WindowsTM.exe 199 PID 5784 set thread context of 2888 5784 WindowsTM.exe 206 PID 4512 set thread context of 4816 4512 WindowsTM.exe 207 PID 2228 set thread context of 3360 2228 WindowsTM.exe 214 PID 1424 set thread context of 4388 1424 WindowsTM.exe 215 -
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsTM.exe -
Modifies registry key 1 TTPs 4 IoCs
pid Process 5044 reg.exe 4960 reg.exe 5004 reg.exe 4840 reg.exe -
Suspicious use of AdjustPrivilegeToken 35 IoCs
description pid Process Token: 1 4552 WindowsTM.exe Token: SeCreateTokenPrivilege 4552 WindowsTM.exe Token: SeAssignPrimaryTokenPrivilege 4552 WindowsTM.exe Token: SeLockMemoryPrivilege 4552 WindowsTM.exe Token: SeIncreaseQuotaPrivilege 4552 WindowsTM.exe Token: SeMachineAccountPrivilege 4552 WindowsTM.exe Token: SeTcbPrivilege 4552 WindowsTM.exe Token: SeSecurityPrivilege 4552 WindowsTM.exe Token: SeTakeOwnershipPrivilege 4552 WindowsTM.exe Token: SeLoadDriverPrivilege 4552 WindowsTM.exe Token: SeSystemProfilePrivilege 4552 WindowsTM.exe Token: SeSystemtimePrivilege 4552 WindowsTM.exe Token: SeProfSingleProcessPrivilege 4552 WindowsTM.exe Token: SeIncBasePriorityPrivilege 4552 WindowsTM.exe Token: SeCreatePagefilePrivilege 4552 WindowsTM.exe Token: SeCreatePermanentPrivilege 4552 WindowsTM.exe Token: SeBackupPrivilege 4552 WindowsTM.exe Token: SeRestorePrivilege 4552 WindowsTM.exe Token: SeShutdownPrivilege 4552 WindowsTM.exe Token: SeDebugPrivilege 4552 WindowsTM.exe Token: SeAuditPrivilege 4552 WindowsTM.exe Token: SeSystemEnvironmentPrivilege 4552 WindowsTM.exe Token: SeChangeNotifyPrivilege 4552 WindowsTM.exe Token: SeRemoteShutdownPrivilege 4552 WindowsTM.exe Token: SeUndockPrivilege 4552 WindowsTM.exe Token: SeSyncAgentPrivilege 4552 WindowsTM.exe Token: SeEnableDelegationPrivilege 4552 WindowsTM.exe Token: SeManageVolumePrivilege 4552 WindowsTM.exe Token: SeImpersonatePrivilege 4552 WindowsTM.exe Token: SeCreateGlobalPrivilege 4552 WindowsTM.exe Token: 31 4552 WindowsTM.exe Token: 32 4552 WindowsTM.exe Token: 33 4552 WindowsTM.exe Token: 34 4552 WindowsTM.exe Token: 35 4552 WindowsTM.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 4552 WindowsTM.exe 4552 WindowsTM.exe 4552 WindowsTM.exe 4196 WindowsTM.exe 4196 WindowsTM.exe 5100 WindowsTM.exe 5100 WindowsTM.exe 5060 WindowsTM.exe 5060 WindowsTM.exe 5604 WindowsTM.exe 5604 WindowsTM.exe 3112 WindowsTM.exe 3112 WindowsTM.exe 2180 WindowsTM.exe 2180 WindowsTM.exe 1560 WindowsTM.exe 1560 WindowsTM.exe 2568 WindowsTM.exe 5172 WindowsTM.exe 2568 WindowsTM.exe 5172 WindowsTM.exe 5832 WindowsTM.exe 5832 WindowsTM.exe 5388 WindowsTM.exe 5388 WindowsTM.exe 6140 WindowsTM.exe 1692 WindowsTM.exe 6140 WindowsTM.exe 1692 WindowsTM.exe 3592 WindowsTM.exe 3592 WindowsTM.exe 5892 WindowsTM.exe 5892 WindowsTM.exe 5436 WindowsTM.exe 4868 WindowsTM.exe 5436 WindowsTM.exe 4868 WindowsTM.exe 4504 WindowsTM.exe 3472 WindowsTM.exe 4504 WindowsTM.exe 3472 WindowsTM.exe 3228 WindowsTM.exe 3228 WindowsTM.exe 3460 WindowsTM.exe 3460 WindowsTM.exe 3840 WindowsTM.exe 3840 WindowsTM.exe 5920 WindowsTM.exe 5920 WindowsTM.exe 3300 WindowsTM.exe 3300 WindowsTM.exe 4992 WindowsTM.exe 4992 WindowsTM.exe 5192 WindowsTM.exe 5192 WindowsTM.exe 5800 WindowsTM.exe 5800 WindowsTM.exe 2888 WindowsTM.exe 2888 WindowsTM.exe 4816 WindowsTM.exe 4816 WindowsTM.exe 4388 WindowsTM.exe 3360 WindowsTM.exe 4388 WindowsTM.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2104 wrote to memory of 5772 2104 JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe 78 PID 2104 wrote to memory of 5772 2104 JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe 78 PID 2104 wrote to memory of 5772 2104 JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe 78 PID 5772 wrote to memory of 4552 5772 WindowsTM.exe 81 PID 5772 wrote to memory of 4552 5772 WindowsTM.exe 81 PID 5772 wrote to memory of 4552 5772 WindowsTM.exe 81 PID 5772 wrote to memory of 4552 5772 WindowsTM.exe 81 PID 5772 wrote to memory of 4552 5772 WindowsTM.exe 81 PID 5772 wrote to memory of 4552 5772 WindowsTM.exe 81 PID 5772 wrote to memory of 4552 5772 WindowsTM.exe 81 PID 5772 wrote to memory of 4552 5772 WindowsTM.exe 81 PID 5416 wrote to memory of 5652 5416 cmd.exe 390 PID 5416 wrote to memory of 5652 5416 cmd.exe 390 PID 5416 wrote to memory of 5652 5416 cmd.exe 390 PID 5652 wrote to memory of 4196 5652 WindowsTM.exe 85 PID 5652 wrote to memory of 4196 5652 WindowsTM.exe 85 PID 5652 wrote to memory of 4196 5652 WindowsTM.exe 85 PID 5652 wrote to memory of 4196 5652 WindowsTM.exe 85 PID 5652 wrote to memory of 4196 5652 WindowsTM.exe 85 PID 5652 wrote to memory of 4196 5652 WindowsTM.exe 85 PID 5652 wrote to memory of 4196 5652 WindowsTM.exe 85 PID 5652 wrote to memory of 4196 5652 WindowsTM.exe 85 PID 4552 wrote to memory of 5708 4552 WindowsTM.exe 86 PID 4552 wrote to memory of 5708 4552 WindowsTM.exe 86 PID 4552 wrote to memory of 5708 4552 WindowsTM.exe 86 PID 4552 wrote to memory of 6064 4552 WindowsTM.exe 87 PID 4552 wrote to memory of 6064 4552 WindowsTM.exe 87 PID 4552 wrote to memory of 6064 4552 WindowsTM.exe 87 PID 4552 wrote to memory of 4736 4552 WindowsTM.exe 88 PID 4552 wrote to memory of 4736 4552 WindowsTM.exe 88 PID 4552 wrote to memory of 4736 4552 WindowsTM.exe 88 PID 4552 wrote to memory of 5908 4552 WindowsTM.exe 89 PID 4552 wrote to memory of 5908 4552 WindowsTM.exe 89 PID 4552 wrote to memory of 5908 4552 WindowsTM.exe 89 PID 5040 wrote to memory of 4912 5040 cmd.exe 96 PID 5040 wrote to memory of 4912 5040 cmd.exe 96 PID 5040 wrote to memory of 4912 5040 cmd.exe 96 PID 6064 wrote to memory of 4960 6064 cmd.exe 1198 PID 6064 wrote to memory of 4960 6064 cmd.exe 1198 PID 6064 wrote to memory of 4960 6064 cmd.exe 1198 PID 2068 wrote to memory of 5096 2068 cmd.exe 98 PID 2068 wrote to memory of 5096 2068 cmd.exe 98 PID 2068 wrote to memory of 5096 2068 cmd.exe 98 PID 4912 wrote to memory of 5100 4912 WindowsTM.exe 99 PID 4912 wrote to memory of 5100 4912 WindowsTM.exe 99 PID 4912 wrote to memory of 5100 4912 WindowsTM.exe 99 PID 4912 wrote to memory of 5100 4912 WindowsTM.exe 99 PID 4912 wrote to memory of 5100 4912 WindowsTM.exe 99 PID 4912 wrote to memory of 5100 4912 WindowsTM.exe 99 PID 4912 wrote to memory of 5100 4912 WindowsTM.exe 99 PID 4912 wrote to memory of 5100 4912 WindowsTM.exe 99 PID 5096 wrote to memory of 5060 5096 WindowsTM.exe 100 PID 5096 wrote to memory of 5060 5096 WindowsTM.exe 100 PID 5096 wrote to memory of 5060 5096 WindowsTM.exe 100 PID 5096 wrote to memory of 5060 5096 WindowsTM.exe 100 PID 5096 wrote to memory of 5060 5096 WindowsTM.exe 100 PID 5096 wrote to memory of 5060 5096 WindowsTM.exe 100 PID 5096 wrote to memory of 5060 5096 WindowsTM.exe 100 PID 5096 wrote to memory of 5060 5096 WindowsTM.exe 100 PID 5708 wrote to memory of 5044 5708 cmd.exe 4217 PID 5708 wrote to memory of 5044 5708 cmd.exe 4217 PID 5708 wrote to memory of 5044 5708 cmd.exe 4217 PID 4736 wrote to memory of 4840 4736 cmd.exe 106 PID 4736 wrote to memory of 4840 4736 cmd.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_be5dbf9ab1a88104a95f8cc17a9642b3.exe"1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2104 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:5772 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4552 -
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5708 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f5⤵
- Modifies firewall policy service
- Modifies registry key
PID:5044
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe:*:Enabled:Windows Messanger" /f4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:6064 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe:*:Enabled:Windows Messanger" /f5⤵
- Modifies firewall policy service
- Modifies registry key
PID:4960
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4736 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f5⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:4840
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\N1DJXZ7Y55.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\N1DJXZ7Y55.exe:*:Enabled:Windows Messanger" /f4⤵
- System Location Discovery: System Language Discovery
PID:5908 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\N1DJXZ7Y55.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\N1DJXZ7Y55.exe:*:Enabled:Windows Messanger" /f5⤵
- Modifies firewall policy service
- Modifies registry key
PID:5004
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵
- Suspicious use of WriteProcessMemory
PID:5416 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:5652 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4196
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵
- Suspicious use of WriteProcessMemory
PID:5040 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4912 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5100
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵
- Suspicious use of WriteProcessMemory
PID:2068 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5096 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5060
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5028
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4416 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5604
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4924
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2416 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3112
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1572
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3452 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2180
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3508
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4352 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1560
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1480
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2748 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2568
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2072
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2236 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5172
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1852
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:232 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5832
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2548
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:228 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5388
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4476
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3200 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1692
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3488
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4740 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:6140
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3968
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4172 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3592
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2936
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4696 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5892
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5556
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:708 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5436
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4540
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:568 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4868
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1920
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5864 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4504
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5248
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5952 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3472
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1172
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5232 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3228
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3432
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3192 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3460
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5252
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5580 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3840
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2884
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:4644 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5920
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2104
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5956 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4992
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4260
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3104 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3300
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3520
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1484 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5192
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5916
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5340 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5800
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1208
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4512 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4816
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5708
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5784 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2888
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1040
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:2228 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3360
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1188
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1424 -
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4388
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5080
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1248
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4112
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5160
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1116
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5844
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3732
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5904
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5924
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1480
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:128
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4152
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5184
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2432
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4740
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5668
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4080
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4520
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5612
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5516
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2916
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5836
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5524
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4772
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4696
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3168
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4204
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3172
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5992
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5820
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:424
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2480
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2972
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3048
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4340
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2728
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1356
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5540
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5856
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2036
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1584
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3204
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3192
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5312
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4640
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:872
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1172
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5932
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2456
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5988
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2444
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:500
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1444
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3584
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5092
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3860
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4716
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5016
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2188
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1044
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:584
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4580
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6064
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4996
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2068
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4396
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5944
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1508
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4420
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2376
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4416
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4936
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2544
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:440
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4980
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2228
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3652
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:952
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5380
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3508
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2756
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3428
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5160
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6008
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4052
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2352
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1480
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:128
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2100
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2336
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2464
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3540
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5184
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2024
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5668
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1672
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6072
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3488
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4476
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2408
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4500
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5788
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5084
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5128
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2936
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4008
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5432
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3944
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4340
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3804
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5616
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1784
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3048
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5868
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4652
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5248
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5644
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5540
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2272
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3040
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2684
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3364
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4952
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:492
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:840
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4836
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5688
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2884
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5652
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1048
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4604
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5260
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2452
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3392
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5220
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4704
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4824
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4260
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1080
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1100
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2416
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4224
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3676
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5536
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6028
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5284
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3340
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5240
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4236
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:648
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4660
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5968
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2268
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4628
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1660
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3408
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3508
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:240
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1664
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6124
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3176
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:896
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:868
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2992
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5104
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3200
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2548
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5668
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:844
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2384
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2740
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6120
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5992
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2252
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4872
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1184
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5412
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5612
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3980
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5964
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1112
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2608
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1496
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4208
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3708
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3048
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5804
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5248
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1788
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:428
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2308
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5036
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5744
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:840
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1332
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5712
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4464
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5108
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5232
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4604
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6068
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2164
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4964
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1908
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4684
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4272
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4296
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4984
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2876
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2888
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4260
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2512
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4960
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5340
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5004
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1080
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4996
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3140
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3984
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4416
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5052
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2808
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3372
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1832
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:992
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4148
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5080
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5968
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3656
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:128
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4472
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5492
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:240
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3132
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6124
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5020
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3948
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5396
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5848
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2560
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4252
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:668
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5528
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1532
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4540
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2252
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5512
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:6056
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3324
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5544
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5964
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4852
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1628
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2480
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1940
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5520
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3872
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2896
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2424
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2864
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4844
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3400
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3928
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4968
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4556
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4636
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4020
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3716
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:6084
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5572
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2208
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:748
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3100
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2628
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5688
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2456
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1636
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5332
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2520
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4828
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5252
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:696
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2552
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4784
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2168
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5508
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4924
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4904
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2776
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2584
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4168
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4672
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5276
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1684
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1700
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5880
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2724
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3428
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4412
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4956
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2236
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3148
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4628
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4064
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5492
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2100
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5500
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1568
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3880
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3964
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2548
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5576
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3224
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2476
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5424
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5408
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4228
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4252
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2072
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5544
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5840
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6056
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3220
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6112
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4340
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5236
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5936
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5084
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4860
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1688
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3608
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5736
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2272
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:800
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4008
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2500
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:876
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4656
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2492
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4464
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1484
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6040
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1048
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3392
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4788
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3604
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5872
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3996
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5044
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3676
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5332
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4296
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5064
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3768
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4160
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4512
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6028
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2552
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4800
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6016
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4672
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4536
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3652
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2276
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4148
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5808
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3656
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5756
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5420
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2260
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5860
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2944
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3232
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3108
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4256
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5700
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2920
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5608
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2408
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2476
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1568
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5676
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2948
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5596
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5764
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5544
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6120
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1808
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5704
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2480
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4500
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1132
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4072
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4860
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5180
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3104
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3432
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4972
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2044
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3400
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3064
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5304
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:900
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2932
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3364
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5116
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2000
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4940
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3604
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5056
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1168
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5000
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1008
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2104
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1888
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5052
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5828
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5244
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5944
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5772
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5012
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2452
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4564
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5068
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3984
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:544
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3484
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1368
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5508
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4176
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3372
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4672
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3456
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:336
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5348
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3784
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6076
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3200
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4776
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1376
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1196
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3232
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3964
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2284
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2408
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3224
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4052
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5992
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5408
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2880
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4852
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2316
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:436
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5128
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5556
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5764
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5940
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1172
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5864
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4860
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5948
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1584
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1564
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5792
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4080
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4524
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2424
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3208
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2492
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1696
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5960
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4404
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2616
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3976
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2288
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2208
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2356
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:6040
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2460
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4580
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5332
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2340
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4656
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4768
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1492
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4400
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2344
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4684
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4828
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1040
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6028
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1880
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1488
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2768
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1612
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1972
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2776
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4892
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4908
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1708
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:544
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3656
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3632
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:764
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2236
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2464
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2248
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4012
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3524
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:724
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3168
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4596
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1936
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3348
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5608
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3708
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3044
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2024
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1116
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2696
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5556
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2308
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5364
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3292
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5020
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5620
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3884
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5596
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2036
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2188
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2468
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3048
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3192
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4072
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4404
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3908
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1184
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5688
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5304
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:848
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3500
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3368
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1432
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5976
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1220
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4944
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5208
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2552
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2512
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4544
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5076
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5204
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5728
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3144
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2112
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5880
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3344
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5888
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5784
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3484
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5004
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:232
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6064
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4224
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:6016
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3108
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2760
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2348
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4300
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4892
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4040
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:720
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2228
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5700
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5548
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3588
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5768
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3176
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5912
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3328
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4476
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2252
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:956
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2024
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:724
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4860
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3980
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3708
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5680
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4340
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:388
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4524
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5264
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3720
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1444
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5776
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2308
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2632
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2044
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1920
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1008
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4424
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1828
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3568
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4072
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4840
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2884
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1592
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3400
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2288
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5252
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5852
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3996
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2108
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1164
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3924
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1888
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5332
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4932
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2068
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3856
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3516
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5012
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3492
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3652
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3456
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3640
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1972
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5004
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4976
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4300
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4848
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1452
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1612
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5216
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4224
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3880
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4016
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:764
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3420
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2228
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2780
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5912
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4352
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:912
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:916
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5556
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3168
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:568
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2316
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3820
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3220
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5236
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:708
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:6072
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2664
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3900
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3240
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1628
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2188
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2036
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5096
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1564
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5020
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2480
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2164
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:872
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5312
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2356
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2672
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2332
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1428
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1192
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5880
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4924
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3400
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2000
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5228
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1768
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2660
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5072
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5952
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4580
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4240
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5068
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4356
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5404
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4536
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4904
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5044
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:444
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4876
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5004
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:400
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4300
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5348
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:6128
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5432
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3968
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1804
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3764
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:240
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3200
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3576
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2432
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3148
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4860
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2064
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2408
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3236
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2024
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2764
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1632
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4340
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1104
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1940
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:724
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1588
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1960
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4988
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3720
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4984
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3208
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4080
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3568
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2684
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5864
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:872
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2480
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5340
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3120
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4608
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5772
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4788
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2820
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2968
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4960
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2472
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1880
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4736
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4824
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3452
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1832
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3156
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4784
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3848
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2512
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4012
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4412
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4360
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3476
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1452
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6016
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4696
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:488
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5524
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4632
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3420
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3640
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1804
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:432
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:128
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1412
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2780
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5008
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3348
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:956
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:336
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5992
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2056
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2548
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5592
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1808
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4500
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5128
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5980
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5396
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1112
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1784
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3196
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:6052
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1008
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6096
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5612
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3568
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1800
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5340
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5872
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4988
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1184
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6120
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3136
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4676
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5908
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:6068
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1168
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1100
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3180
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5580
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5828
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2104
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4580
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3140
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3400
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1992
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3768
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4400
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3516
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5068
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5212
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1668
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1020
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1328
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3232
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:580
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1868
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1072
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4368
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5240
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2052
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4164
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5784
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2432
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6116
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2428
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3732
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1624
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4680
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4744
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1676
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3940
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2024
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2764
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5656
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2004
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2072
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2060
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5628
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:6084
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4260
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5864
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4896
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1548
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3588
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3868
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4636
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2968
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3124
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3900
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:6120
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4988
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3788
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5908
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2460
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4888
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4564
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3996
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5672
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:656
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3976
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2748
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3984
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1424
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4068
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5404
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4540
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4912
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4932
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:5088
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5916
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:3752
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3492
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3652
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5988
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:444
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5212
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5316
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4348
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1884
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4236
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4600
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2964
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2212
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:3704
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2556
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:912
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1376
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1660
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:2284
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1116
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5520
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5564
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:4680
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1864
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5540
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2060
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:1812
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1088
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2036
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4548
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:924
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2628
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3720
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1548
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2308
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4260
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5804
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1948
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:5688
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:5976
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2884
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4296
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:4944
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:2600
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:3604
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exeC:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe2⤵PID:1100
-
C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe"3⤵PID:1176
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:4652
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\updater\WindowsTM.exe1⤵PID:2872
Network
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
314KB
MD5be5dbf9ab1a88104a95f8cc17a9642b3
SHA1763db9b2eb00cd1081e27b378d71af89814df232
SHA2568289f1c5a6c0c0235ad20c132054ac1bfc147c4ca4acecf47cf357000e2e7978
SHA512d769cb215c9dd18836b93e1777cb3bdcba3aca6de3ef3661d35f206740ccd2c8d17b040f16ebfd4e2e4848eee3d00eeae08fb33b667f1ab90d5b5c858bbca10f