Malware Analysis Report

2024-11-16 15:52

Sample ID 240204-t84fkagecr
Target 8fa716e6d698cff761a257134fc0dcbc
SHA256 aa08fb940347c2e06c546e101a2628f13d1f26676b81f97a038296e620fd0e02
Tags
google evasion phishing trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

aa08fb940347c2e06c546e101a2628f13d1f26676b81f97a038296e620fd0e02

Threat Level: Known bad

The file 8fa716e6d698cff761a257134fc0dcbc was found to be: Known bad.

Malicious Activity Summary

google evasion phishing trojan

Detected google phishing page

Nirsoft

Checks whether UAC is enabled

Looks up external IP address via web service

Drops file in System32 directory

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Kills process with taskkill

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-04 16:44

Signatures

Nirsoft

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-04 16:44

Reported

2024-02-04 16:47

Platform

win7-20231215-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe"

Signatures

Detected google phishing page

phishing google

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A cmyip.com N/A N/A
N/A cmyip.com N/A N/A
N/A cmyip.com N/A N/A
N/A cmyip.com N/A N/A
N/A cmyip.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\Microsoft\Protect\ms.exe C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe N/A
File opened for modification C:\Windows\SysWOW64\Microsoft\Protect\ie.exe C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe N/A

Enumerates physical storage devices

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d30000000000200000000001066000000010000200000000158661bf3b594cae70b57c0022920be6e684bd1dbaee1306d53448f67d38394000000000e8000000002000020000000c88450af39a1a8d30a9ca27752cf745f8e8a944e41c396120b6ced881e3ac7cf9000000064a5c4e3b0ee2948f7b49dcccaad70b2b6e351fcba2503207a5c2ed2fd53915ffc2e63743153cdbc77d5c1e6f3b878e7b91561a5d2d7eebc78443581725e6550e03ce5f940c371cf2d8560558152e5c54ae6a5c0684091ae6a79ae66a180f0398e68f635dc6e62fc5478b471ea739d774f1ebb440cdff4c11b97beb9ec579fa83a48c756d5b6a324bc78653dc1532dfe4000000062b10543aa3d358318fda469bb9367f2a1c758703cd3b5ff9b8b4e658e131f31a376dd6574dbe56b4bec171440024fc88d68f855e0d453263832b551c7933638 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d30000000000200000000001066000000010000200000006f2f1e450bc9b78b02ffd5f284606d916df7a8ac7be98ff36a7bb2a855f25393000000000e8000000002000020000000089bab89443994fcc366c6e6c9f0f3ca32d0a1e338a3c0b2c98519bddd59665820000000e96c801925aad5587c721c7eef2329b35c1e0e367034a0f7c5738df4351beb8b400000008a743790e87a339b1418b15b8cf340e5cbe4128f74e37038b5493f9ce26ceb91212f4966ef8400e12c65c8666403925359aa902dde61d386a9cf9e9fad3f5ff6 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "7637" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "5754" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "5754" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "7637" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0146f798957da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "331" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "331" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "7643" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "6583" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "210" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2281" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "210" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "325" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "5836" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "210" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "7637" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6583" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "5836" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "325" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "2281" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\conhost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\conhost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\conhost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\conhost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\conhost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\conhost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\conhost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\conhost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1944 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2456 wrote to memory of 2448 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2456 wrote to memory of 2448 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2456 wrote to memory of 2448 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2456 wrote to memory of 2448 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1944 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2980 wrote to memory of 3000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2980 wrote to memory of 3000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2980 wrote to memory of 3000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2980 wrote to memory of 3000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1944 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2636 wrote to memory of 2144 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2636 wrote to memory of 2144 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2636 wrote to memory of 2144 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2636 wrote to memory of 2144 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1944 wrote to memory of 484 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 484 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 484 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 484 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1780 wrote to memory of 2760 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1780 wrote to memory of 2760 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1780 wrote to memory of 2760 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1780 wrote to memory of 2760 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2992 wrote to memory of 2964 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2992 wrote to memory of 2964 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2992 wrote to memory of 2964 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2992 wrote to memory of 2964 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1944 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1980 wrote to memory of 1964 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1980 wrote to memory of 1964 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1980 wrote to memory of 1964 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1980 wrote to memory of 1964 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1944 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2924 wrote to memory of 1016 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2924 wrote to memory of 1016 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2924 wrote to memory of 1016 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2924 wrote to memory of 1016 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1944 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe

"C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 0 /f && exit

C:\Windows\SysWOW64\reg.exe

reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c cd C:\Users\Admin\AppData\Local\Temp && del blackhacker1298.exe && del upx.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im cmd.exe /t && exit

C:\Windows\SysWOW64\cmd.exe

cmd /c reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 0 /f && exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im cmd.exe /t

C:\Windows\SysWOW64\reg.exe

reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1816 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1816 CREDAT:209932 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1816 CREDAT:734218 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "16412802433991865981914604422-8109171-160683422818501244321223900379-1520247511"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1428218961-20590756822117525289-1907632104-1623059321-1656240268-882501607125452255"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-909289611-1475158972-1698983773272411311884824128-10745967181420438022-1751218799"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "288206343113966843-593567750-95698077-1610121362842058144-592173000-893868692"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "14978330072140477687915948796-96136107010083266091340476167-1841614385402899968"

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "44508908455085924-21090231899785875791910612694-1357970030-831094385-416541820"

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1784268437-166628600-1517704060-858737320514318805219103763-1011164771-979297595"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "21188764752136177870145736135294424065-962371872-1815390199-58364100271774097"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1817842730-7784172382037861494-232222716-154732878542532193-1770123259129582816"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1621963531-1416238055-1932928650-14395750631067636208100001551-1263505069-795385826"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-11012473241190692081898012862-609036533-214551935944761608136212245-1365637740"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-11039862101634956178-1683586370692154025471311393-17198359721321144646433621450"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-10229605801310230661-1641359571357098226205549381616955876251181787759-2046299464"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-207830211-12656664644070230081825994530-1919032141190680250137761560610339359"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "13950482-803542325-14721434855424377861322148691818616608-5430741962082448520"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1596871972797768091-1691823894-250530343-433799609741303171-605774867-1922208939"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "984200962296300332-51374732717961297911571259896-267757059-2053875221-113828497"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "979947747-5140909074758534641101729260-903494537-566677086-1339143051272776966"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "15985216442574177-2070223381496379205164166213-844530908200009276871982939"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\system32\wbem\WMIADAP.EXE

wmiadap.exe /F /T /R

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-993879891-1139110370428079375-533831823-1225813994-719703700-330876864-1948859274"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1494883772-58619766914814762032366174321775939-7639536681170268807-1016506464"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "756932012-1451154769-72749591013027478011025102500-1062937983421446805-471515191"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1001559414717198197-2073080571179580406121179871093307477118584731491830597255"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "533102729-1044612954-2141871067-167319410215916576329785043-15955537191813929146"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "824439250-13624303251899901773898588881-865773673-1986961588-76215951-908155915"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-184488665137922206-2114333238720569962-1631061317-25382270617129674131373739065"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "4714160131630998334150326861419859823852068472014-14498796219031249401047096016"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-20192874803966819334814723977058856470877497-9147078291554826601240283412"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-313064526-2107225607-1654991149-369732019204430320514511607911231310025820812903"

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1297293749-7261248791475078717152212886182349447-8613705711346325426200697543"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

Network

Country Destination Domain Proto
US 8.8.8.8:53 cmyip.com udp
CA 51.79.49.219:80 cmyip.com tcp
CA 51.79.49.219:443 cmyip.com tcp
CA 51.79.49.219:443 cmyip.com tcp
CA 51.79.49.219:443 cmyip.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
CA 51.79.49.219:443 cmyip.com tcp
CA 51.79.49.219:443 cmyip.com tcp
CA 51.79.49.219:443 cmyip.com tcp
US 8.8.8.8:53 accounts.google.com udp
CA 51.79.49.219:443 cmyip.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 support.google.com udp
GB 142.250.187.206:443 support.google.com tcp
GB 142.250.187.206:443 support.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 policies.google.com udp
GB 142.250.187.238:443 policies.google.com tcp
GB 142.250.187.238:443 policies.google.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 lh4.ggpht.com udp
GB 172.217.16.225:443 lh4.ggpht.com tcp
GB 172.217.16.225:443 lh4.ggpht.com tcp
US 8.8.8.8:53 www.youtube-nocookie.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.238:443 www.youtube-nocookie.com tcp
GB 142.250.187.238:443 www.youtube-nocookie.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.212.206:443 apis.google.com tcp
GB 216.58.212.206:443 apis.google.com tcp
GB 216.58.212.206:443 apis.google.com tcp
GB 216.58.212.206:443 apis.google.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.201.118:443 i.ytimg.com tcp
GB 216.58.201.118:443 i.ytimg.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 172.217.16.225:443 yt3.ggpht.com tcp
GB 172.217.16.225:443 yt3.ggpht.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/1944-2-0x0000000004600000-0x0000000005662000-memory.dmp

memory/1944-43-0x00000000094B0000-0x00000000094B2000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 cb77c7600720178f266ba2019e73f7ae
SHA1 982537f84f4ddb0d1e01a18a2ec7549136d79767
SHA256 a331c84d3f5b3917dcd30bd6fde7a65fdfef5969740c56a2b9c09b7cbbceacbc
SHA512 0f96591d538a6e800cbc0cddeee06e5f43c08ee2694913f1f0296f222ce9c75cbd4f44e07b25c544f87beb9d5b85a602a79fb210ee55821bd9e0cf165a5d1df8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b68fe463c7ec10f2571f6b452b5195e1
SHA1 0a735214f8f38e3ff4de9fc072879cdd5b830836
SHA256 d416fa3f24102ef5802842473524183d7e4808ac0ef819703569fdeae2ec142f
SHA512 e4f4640d59050cab6e690b9c2d7973992be61a87a4110876700ea8cce644c1166301bea83a4a1b921325c34d39f0df9ed6c94981da9fa8eeb08a6cc62ba91001

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 6a7b95c0887f572a95e4f7cae41723ef
SHA1 1f070e60fd299f800434258250e65347b1df2252
SHA256 7a9c29fc948d800cc9de25adacf4e0e34f55eadc96ba791e433b095ecd2bf6fd
SHA512 113bacb22ee5ee539df85d0fbbdd69c76c04fbaaf71a928042af4a3602fd3d75ba2ddfed08f6a25544bdc8b216a92771d844d840088df45ec30aaeaec41da3c1

C:\Users\Admin\AppData\Local\Temp\Cab586C.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23c2e00baf3d1601c4234e30f0b4b276
SHA1 c7a7cb0e1f1b86b4c25dded6423b867663db78e0
SHA256 b054f94e35daa7995332aa03cd2adf81dd3cab2957681a1fec634693a49e14e5
SHA512 fb134cf4989ca47e8df82700125ee4f1a806a8362ffb8bc1fda220dffa9944d2e4c21b96ef202dc991355294806e8e4a323148c573e726ff7931fb1c09a68cbd

C:\Users\Admin\AppData\Local\Temp\Tar588F.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TOEY94GI.txt

MD5 8be903c7a5a2cbe1168290573337b575
SHA1 16b54105cc43fc685445c6a44882deed762a449a
SHA256 a3194d9976fef95fa994b838f1fcb18288c11895105b0fd3512f353612cf05ce
SHA512 0a2016dd8b5796e5e1371732750cab581a4bbc0713431faf3e8370adeb22a2be4b27090d6828aaa01e5779bdf687a8edadfdea09ecad59a8acf3a10d64a8aeb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 76cdd5021dce67685a93a915847f5a33
SHA1 302dcfc6b3ba349d85e988090b9eee73c4ce5a71
SHA256 d932e45434943f320f3657b8e43bdec5d86690317e412682e13cfcf25362efe6
SHA512 36fb9125ead5e934f0e91255c9276c749ffd97274b2ef4a96dab2ed497aced99587dcc2a5aab8d53238207ab73cde78b0ec6cd024c88f7c7363e51e9d7f29ddb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 545256f65ab5234bd9f2fec90080fb5c
SHA1 b316e2b8825ad048cd5e8866b1073ec9767009f9
SHA256 fa1b884e9cf888b6c0115359211f4f7817619e67c4b8df13c9dafb35a79fb31b
SHA512 cea4e28e3cc056a901f081d331611316b8399e8d48cbb3f650a0b7070ba1c8738b921b3674e7544cc58f72ee7e3ae262371b40571689f7403b494ce1d5ccd0a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bf098c223b71ac93b114a14be1555032
SHA1 5c9f61ba32868295cff0f5383495bc4271a27b8f
SHA256 e1e82d0a02f9424a3abc7b5ee173429bcdf35202026556bddaffe9a6c2c3ed3b
SHA512 c399f92bcc415751c2ee507d53b0476937438630abb629e80e4a69873d586e93412fe1d009bb7cba8445ce5995520f95312b124f7bbf97e7de1c513e3cbf4c65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 3c2361ab8aad504e8aae3d7940d59547
SHA1 d2a9a9bc4fc70d164527950bdb527d53ba7ce4bf
SHA256 a6318e6941949d4e10f0979b1c440d7c6e2eee3c4cd660e6ad5a6165d8ad27a1
SHA512 d87f52b731e0faeb61f29a1787bab23a76075b7f735d8a9a63daaf6fe64edb982ffd4e03de214480c491741402518ebd71b9ceb97c66607a1be488128d5e85e7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BSL9YDG9.txt

MD5 30fdb1d304e319534a734bb915a0962e
SHA1 6b5e38751ae7a00e9e8c01d895ef7226291a625e
SHA256 cea094513f9982ba50ab2de21867df1645d4f2776b075f356b5b9253a4fb4e42
SHA512 908fc5a1b38544b2051be607d7f63906e31daf474ae7525321f4032233fe09905a0e6cf7be3c7476bf506adb7b9a7fdea031f8ca264dbe405ba2e7c4f1802cfa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 f2d0700bd7e9f92e1324ee651cb075b3
SHA1 6c44af9682dd9432fc80aa528997e529b73d2e4d
SHA256 7b79e17d313fce604f772855084ff5106fe267533984e8bd523fd5c5575353d3
SHA512 0584191262ada47d821ed6f0f70bad8b6f86f3ba85352d192bd7e4980c134c9d70cdb9fbbe54df324d48ad15dd95e969907d5c44f7adf9f33f5f9bf9c1844919

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 fb923512534205777df5ce6e8a9d6cc4
SHA1 f494c4a1a0f673e9cbbec7768ea8e2528124ffb6
SHA256 6bf725df2b705f0045a2fc55c54f1d900923d2940238245f1881fa77cec16150
SHA512 2f8b8e78b5c4197a7fc36c64b9733d3ec353c089d8c1c07cc213016306810926b18df297907498f93adab7526cdc463429c9ae5d6cf22a8ccdebd755f30e3a5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 38ff8efa79bd070dce4f859bf3925593
SHA1 836338bf9d719e6d5f32469c557bd07829aee5ca
SHA256 cbb6e9ca75a2a5f9505174cfdcb79ecb91547cd8a9e8d5caf7ad0b908001e33d
SHA512 a1f707f20d162de305b6b422c81d6a8dfdf9ca998abfb92c84317849c149c8f0719bbaeffafbef0ab38e54ec058a2a15b531f562df219917ccd95bce2fadba14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 a8e02af25e2a3daf1683cfab9512a02c
SHA1 8b59006638b52d229facc12e9a760630a4a1fd2f
SHA256 9cd40ca39338750766a2c07f344ef94d3921fec481777ce080f687ac555b4b3d
SHA512 e45f3ff392fb1bcbe80e0812b44fc30cb7f856f12810bbb1d4be32c15946acfc6cbc25aadd9cba7e9693db44bc2a5039d67e433ad6ff90bb74fe334e18797a02

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LEYWHQCK.txt

MD5 59d532c079107c4d085997b7e31eb84c
SHA1 33ad0e1ae3299855490701214f54a672c38e8749
SHA256 3fce75171db78c7c561ef17324e0b2365e989dd8ce31f8d144751b7e8c1cb708
SHA512 ee4856a914d259693dbc4dd2d5c11f389ec1c53abe0a2c91c392caa9f8ff4a6c34f7bc88c9a55e7735a20fb9120831d1e8569232be9dff1f10e4f619a4f69942

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E324WJ9A\rs=AA2YrTsyKS00fijwG1FJsjx5yPFW8A0u4w[1].css

MD5 863dfcd64f00169112131b77db50ff5c
SHA1 db95126903bf0edd2915926b62763d05cea3ec07
SHA256 1701fc8e2b8956bacfee340da1eb98d7dac490432481ddd4ddf9d17548f66441
SHA512 204ca4029ae65a745d666e5d621ae5b4042a171c485bd019a917323f33e84a4d176cf311cf3ce3f09dcdb9918d1f16269409c390505d053782be38a67e4257c1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGM5U0T3\rs=AA2YrTtUw4B8rw4HGQ40JdlsN4Xycci2mw[1].js

MD5 67b65fc1de48a98a26e523932ce843a8
SHA1 fc4992b8f52742030db5663d2b5870e496b0a73f
SHA256 5987b8843a32f645107b67fedfb5ee6a355632f0e47a271ea456e37c390c2355
SHA512 6dd0ce371d073792c8e7de1b904bd9d764559c28cd1002836a84e2006f389916526862dda22c59e78147e58cba2ce6491a0c88b3c8adbe5550006cc5171aa8c2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGM5U0T3\KFOlCnqEu92Fr1MmEU9fBBc-[2].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGM5U0T3\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_5715DE550AA680C2FBA40D3A4F6608E9

MD5 670e168c21f39e6ce157e4f7594cb185
SHA1 4ebdeedabce93d80ad46acc80448e55bffd00b15
SHA256 ce28fb2cf24db6273ec96978c9f07d0ac61001fc58b0dd783592d9543b75149d
SHA512 d7560625ea010a076884c4beec20604d75018d6cfaff3e22caa35db25292253d8342f8249097d24fd4559f12dbe6e1e1c5c8e979be6655d32b5ab0cdd1cc743a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGM5U0T3\4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpy8[1].woff

MD5 5ec579e39f77190de20a4cb4d7b082dc
SHA1 d99f1d73c37968cbdbe44c7387e7474056c4b034
SHA256 031c66a54247283c9430caeb5c54a90e5974244c9ccb0234d53b27d4a484816b
SHA512 3e11f6d2fa13eecd4fc34b1186a96dad8dacb629c046e606f2dc7cb53385ae9a4e0f3aa950b1698fa188c3e449cbf03423e46f8632b81425d8abcc4b145cb617

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGM5U0T3\pxiDypQkot1TnFhsFMOfGShVF9eI[1].woff

MD5 e7bbf7e9e89975e144cbc167f2293fde
SHA1 0cb43d4e0ecf79c8af6629ca1c386ea23fa02c02
SHA256 a87a298223b431522629f284f2d237773f8257b2db427904ca95ec20dfc34cdd
SHA512 75ad4ef05603116a2c0d16e9c7f793d47602044611f369a83a6aed4d14279809064c43b6ea3bea28f889f3ce65199da67cf0685819a8f0c01f5dfc0c97969a7f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGM5U0T3\KFOlCnqEu92Fr1MmWUlfBBc-[2].woff

MD5 cf6613d1adf490972c557a8e318e0868
SHA1 b2198c3fc1c72646d372f63e135e70ba2c9fed8e
SHA256 468e579fe1210fa55525b1c470ed2d1958404512a2dd4fb972cac5ce0ff00b1f
SHA512 1866d890987b1e56e1337ec1e975906ee8202fcc517620c30e9d3be0a9e8eaf3105147b178deb81fa0604745dfe3fb79b3b20d5f2ff2912b66856c38a28c07ee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGM5U0T3\googlelogo_color_74x24dp[1].png

MD5 de327bf69212b7255bbb0c8f40f52a3c
SHA1 8c9e7517e6456e13f3f4640e39743b74f98b8f39
SHA256 0793cefa320c6c622e8b143b35fafb577bd7584c26796d3b5e1321463494fe76
SHA512 fdc82955ccba3e9310cac694197c43eb289ce9ffcb2a0784ccbae0f3ceb5adcf2f72d40c411290bdb6f3311e23321d13d3c2c6d20dc63e733a291a115e254060

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGM5U0T3\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff

MD5 a1471d1d6431c893582a5f6a250db3f9
SHA1 ff5673d89e6c2893d24c87bc9786c632290e150e
SHA256 3ab30e780c8b0bcc4998b838a5b30c3bfe28edead312906dc3c12271fae0699a
SHA512 37b9b97549fe24a9390ba540be065d7e5985e0fbfbe1636e894b224880e64203cb0dde1213ac72d44ebc65cdc4f78b80bd7b952ff9951a349f7704631b903c63

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E324WJ9A\4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrzjJ5llpy8[1].woff

MD5 8525b8f65d40a1cb7f29852a3892bf27
SHA1 3b830675ddb16b60551408037082cc5d4affea92
SHA256 6cb2773c98a2dbe514ffcb677ab741e73169f4cf34691f34ea70b09ff48803b7
SHA512 87126a3c93c005a9b85192e0a9a7f3824729828db4320c2b6bea05bcb2457c854dfde5742dac5a139cb0ab5fae9ef5f261c5bf3d0ee300391f1220f84f2898e2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP6DRJYJ\4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IJllpy8[1].woff

MD5 46340077cb37c81b2bc0b03299108bc4
SHA1 2957977405fe3c8c0198e225ba86021f37fc5122
SHA256 0bf0857a7247d0ca9f0221bee4203b003207eecb888651660594710230091bbb
SHA512 01ebfa7efb4f7c265b2c0eead23158fff094b2d3a69d8be4ba9844f89d18efde1030ccdd5bc278c47ef0cc202fb14f0879a1ca5fa1609b8a0b70a1750ce93d18

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP6DRJYJ\www-embed-player[1].js

MD5 7337df72687de941115294903bc0dd8f
SHA1 4a01f8cbb335a072c9a6c7226b389ca47ae33a62
SHA256 bba2653a44f46ed95594b8ca06246d5b5d9df9a31fa4e4dc6fd218ba6e83a194
SHA512 7f7b8fa5cd697a5ce3a98225f56ef250b3efd205699c10a1387f732d5c4b74daac95eeb22dfb43d3110cc5033e80c6a13012fdaf8595ebcd605a8d27b3f4a52a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_5CE2EB03B2908B1E8F8C99F6B8032A13

MD5 0a14b8b6a57f85a65caba1eea9183053
SHA1 05ebffc9ba93fae24af8f690d1ef903d9d6ce816
SHA256 66a41c79386f9d502a8966b42b9ae0c9e254794a984889932d87e9fc34b06b50
SHA512 f14fbe3728b7316b99f41cbba9ebc87be80f0d1a5bc8deee21c4f9f2294b699f7a76241a65e6b2edd9f1c3f2d16c34e2f693c5f79a63530e830bf1718feaf64f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_5CE2EB03B2908B1E8F8C99F6B8032A13

MD5 ed58cc4f2a0181f8b8fd87ded0749543
SHA1 835ffc519ea65e2d93969f39ccc386b8f7316ecf
SHA256 9bfea163914af951a5608e1639b1e37758be26ecc5642d963805308a3fb8db07
SHA512 18a4fda2b2d7df0a800b98a1785f6db090ddef0d65b7ce71e4444a0f5e2b98d2c5a1680ecaefc14e02ad9a83a5ae2d42db27f77d4a3c43bf64dc279d475707e7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E324WJ9A\m=_b,_tp[1].js

MD5 ebb3a67b296d063cfdf823f0bad9464b
SHA1 f79aa14150ae058bc8d792f943f28aea247bfec8
SHA256 914a0ab122cfd65ca744010ab05fc9de305a3d1b4872366c350fe96984a61aa3
SHA512 ea211801019865b432fd5bf2f1a179cd92deb5b2f57dadbb82ef31630635b2dedcf1747e89afeaf300b68b5d9a00ac5537125675277538ab92f6c7930e1d2048

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4K0WM73A\cb=gapi[1].js

MD5 ec9a3858b2c06b17c4811845c37209c4
SHA1 2df320ad9daf33dd31e6381906f7fdcb598ef312
SHA256 421319127de46e1ab3f62ccc60459a5c53a5ad462e5bd62051cf5e346ae26231
SHA512 a8ac445f151e4a56d1870e7d0a0b3940672a4b6a2b4a1426e6764f8b2ddbb61427b275fd2797373834d10076b50e06e50f509e2b8ee1fb02cf4a936b7e611b49

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E324WJ9A\analytics[1].js

MD5 575b5480531da4d14e7453e2016fe0bc
SHA1 e5c5f3134fe29e60b591c87ea85951f0aea36ee1
SHA256 de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
SHA512 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wz5r4lq\imagestore.dat

MD5 7f8de7140ac0da114957cd46ebfefdaf
SHA1 930eccf68a58ec48c4d2da635727770d3ad1b538
SHA256 5b20a8506ed9e4cb407386d0db7a9c796c514f107749dcf8a1430917a8f2cfb0
SHA512 10049f43702e6763c410842c07221398be8e447308f5f884285b828e5cbc09894cb9f4239c1c7d4376d50808b35d1e26630d07e38b2f9c6770a0527364561441

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP6DRJYJ\m=IavLJc,FqLSBc,VXdfxd,krBSJd[1].js

MD5 7285dd3b39a7be3f53cd799665a383d8
SHA1 dae7ae3b91521ba9d6c30534bcf230196ac93b86
SHA256 43dfe00bb4e57084cd669b956a5a9b42e0099af34646bde553c39e6cf719d15b
SHA512 a42c3e9ee44b8fc5c2d82db6b899a0653c7d59a2910906795852064b3e44595438669862441e8f1286e0592faccab0df0ffb06759e104e226f56baa297ef2c18

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP6DRJYJ\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP6DRJYJ\MHHE7A5K.js

MD5 18c1fcaf684c81132d4c1f3d04cb7487
SHA1 9b39794aea7a3a805ee57763b981c2880adb1361
SHA256 34aebdedbeb939119c4d4b68615f07db80b2a03de2907c3e537c492aa774e50c
SHA512 abee9372d1d0caf2fb54348416d71ef098e1026e3eebbf3bfdda31a7245a0666e91d89667a4f3dc8aaddb76239f61a1d2426f99ea0186ed285bfc25e0cbc659c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_815674C50DEFDD465FD2EC6CA819A555

MD5 13262df8187c7e7a7f0f4975392e863d
SHA1 2a96e79e42da6ca0a65c49358ae902b166b05f5b
SHA256 276c19471aceba248eb7f732a3a32af66182dd699ec290b6d0a239d3bf7179e2
SHA512 db652c18aa941522b3dc727c3c762a12471bf4ac31b494cab6a7905e31b1d8a81769888c2859bcbba0a89ab4fbb3e07770402253dd32a3640dbfc464b18117eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_815674C50DEFDD465FD2EC6CA819A555

MD5 e7b8c9c8fcac703df49470e9a5aacb2b
SHA1 3220c5365e4b2a72966f628feb363c32dbdf7c3c
SHA256 9c0e2652d04c9180e9471129254860e21ef27fe0f4040d410bab2ae390ed6596
SHA512 bc91302bfac10b265677188fc991c240fb496772b4ad956c2e5da123079c908263b09ea73ff2dc9fdae9ff2c7c32747552864d441666e30058ffac54b659b15b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TOGIG1PI.txt

MD5 f8b15d5f8ffc5109203a18436c791cf5
SHA1 f5c85091d8b73bb0ba28bcafb817c70c47c44c2f
SHA256 ee55d630c80e4d8efb0cd9c66ef0b6c44ad78bc95182d15b96c52b19699a7bcd
SHA512 78a540d196311134bf2d45159a0b37377b5758a028addeaa212bbec27e2cf51853d5970785c5a37404e137b939c264954d536d6649c558b7158c1d514a90308f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP6DRJYJ\js[1].js

MD5 90d84b857bb6a65df5b65ec175cf6f18
SHA1 2bc8c179eba739a594eb9e076e5e5f3f7ec6ed53
SHA256 f6a0664fbe9c0ca1ece983a7127851151d233e66798108f9cf71c21d1bf535df
SHA512 206bdea7f0e4238559fe0e0e7e955c58f875cec0af89fbeabac4e716687398b1f78a5be221ad542b3f951a77b620f290947b6a2f6726695f5d1e699e06f15287

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6af5ed28248ec698de69de6ccbffed1b
SHA1 99c41f149e1e12a017497d3f8ffa6ea75b9cc47f
SHA256 d70c60b55c62f75315ac712e047c8bac63fbc6f5e1f7cbda1ef195d3e7c3a7e9
SHA512 10590b133d18b73307c18ff7e090ca7e8c344fbb8e989a64d13fb601ad7b216d7b8179c859ec087b7914f9e8ed066c9cde6f8807c52994e4f2b3dd7394b9c337

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP6DRJYJ\base[1].js

MD5 60f2836ef5e8bee6e80096ee8313f7b4
SHA1 f8df0682f4ff5d77a1ac99741b8f3da86cc1957a
SHA256 0827493defe4d3b89557e682ef6016499a4a7446a7e05f156170bd99d59752d9
SHA512 0c755417d3ed20edad6bd70f58b1b60e236d63dc6863811ed03d4a1f7630042672c8120fb7a185c20bb683a0ff6172c2472979d845e657867833eb044072ae06

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e40b9b0a8fc6b606d6097ec2060f092a
SHA1 33cd2757babc299851fbd4757f358d627ebcff4a
SHA256 9c36ae8822ff8a2b64791cba5e0638e2709227873d3056158618bc928509ac70
SHA512 e617ff92ff0b0212eaf5aa3cba1516d085961cc1be37af4c074e7f3725c282a6237a898a4c66a2aa359194db9718932a24a2cbb3e990660d8c9290a7a2027f4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25b84d1470e64dbad9fe8c8193018b48
SHA1 2e266e673ac014047c8045e75574daa278648328
SHA256 4372ef1975431067f582604c19f38494ae3b470601dfbe32b0d0d526a4cc49d3
SHA512 9648a4024716e7761d91961eb4e89e607d37e5ca5bc6893889ae164653c3b84ebb7415b33ee277b4ffcde3786009a6e2b219987a1524102a081d01a1144e0e71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82f72ae9c1fcff195dd977c86fe51e25
SHA1 088db323feb4b16bb14c0675f709e5bf13af9977
SHA256 19d78a3c9c4c4572ac7dad4bd837a6904474829eae92540a7cf541ab31c09cb0
SHA512 47f36e2fbcf1e624b8ae35271b06ded9b333f743ca4526ad7da05f43ce3b4af402e6f46f3926c6b7b5868b5c62b26e338058266dac9303fdc3b63515ab959cb3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f23b2e1c0afdd9ac4f6f4275e5c0713
SHA1 0b4ca9baf5689850eec16495005861f40c96335f
SHA256 3181a627f213ed737e647368479123e0e8618601ba91e26111cfedea384424c6
SHA512 ecfb3d7bf1d026f07113be1d21ae0f608b07c2a79dcf30d74a98285ce3ff082fa288c1c7081c8d528347f122cb8b0910b4012df46b40b42747d8cddbc73a969f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4c4da13b36d85eae76795687fd04f90
SHA1 adfb355f208f49deb66eb56cb0d197cd7d2af7d2
SHA256 5c37e31f257a33ca449e8e432231887f11dd159786b924fe0282daf712361470
SHA512 512fa49fb52a373c05141e4911f57848bc99b3b171f1e755f348fe113f24ff8eddd136a4a7659c771826a3761794a99c019dba57834085b41aedadbf84193a58

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 1570055eee7ada8359eea66b30cd2542
SHA1 9282b7ee7747ab3e4bb74e6bb79acb8e4c1635e3
SHA256 abc36ef7896d24f4db32171db3799852eb17316e904f61c9200fdd4f9b968dd5
SHA512 fcd028088c52ce65db3731fd5e346cdc98f75c17867f9fd6a6d2ccd8cf405ac33ef7fb54da8dbb686662f753b116374dc2f7ac5a16d37fddd6cbb508a7f9ca9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ec4ed6fdf44d238a00aac5a6f0b1199
SHA1 42e743b4b2e97205e7aaf45adcd3177d41ff5d88
SHA256 72fe66734a03318d02dfa4148700998b28197c9741d6681328e6cb4d2a3f8cd9
SHA512 abef0180be1b2b9cfbc0d77cf6b95781f422cfd4621ad843ef802f0be451953ed37722c225e9df57fbc58dd4225caa8250c828b7249682cb585580a1a48dcc4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 549f5cc7f3a8a25143eae7860542e5c3
SHA1 12620e0d7f4291d3eae769f6b76f21b64d53af8f
SHA256 998e66cfad7e13cf1352b02c961c0723d058912b744b54663009b1213667577c
SHA512 566ecb1938c3c3e587dcd7e9d2dbdbfa25f4a0f99dc01ec97f350af84a82f04e858313bf016cc635490d4c368d8423473170f736a0e8dfecd74ad536d1819273

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b32422fc7eb29da8c045af8432c6418b
SHA1 85d8b27c4abc06f1a06c63a3c7856e908d40ac5a
SHA256 dbafcf4525b93950eee69ef93b866790b906dc3c4d1e90f93d38f64402487b9d
SHA512 10a9ee5e87ef3cbb93ec2e0749322d475b6e9f25449db9ce594f11526f56e398e77fa1445a7d68c60326acfa38f38708d15de8bbea2f1c013c5fd01c39e4491e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 33e215635f597b2089b7f3d3af64e85c
SHA1 9bfbd21c6324fe0925097a14e28ac9e14345ba0c
SHA256 b0db7653b7177e94408c465ea16a85e670c18c65e626debc1a68397aee77fb73
SHA512 dd2785bbc3aaf0b8e8c716a3d98f7e8cabdb90dd0a3018a8becb275413b011cfeb699796b33c9aa8f63a2336e4a644cb16acda69ddf7dacb71e95816dfeb92e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_5715DE550AA680C2FBA40D3A4F6608E9

MD5 f8c7e007695aa59431f8a76b17442be6
SHA1 3ee2266d1e8f3ecfa19b3916ef05d9e749c22c77
SHA256 c2ba7ad310cc1f02979d19b8d1fdcd8872e8927e8aa260679374cd4d2e2687fd
SHA512 e913f0d283eb283a70551daea9abca9a300b7f0adae2dd78050b9130cbe25390e49baf21395cf4a9e1baa8cf4f077f929989b0015c222046eae3224e2d2eb375

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 02cfa87ef5f8641ff8b4ffff1edc920d
SHA1 bc9328824c17462ef9ab75473eddbedcaa6c8e04
SHA256 c432e6bf9261eb5f0e9537bcf03bd0db99d2d33400cf29bbc701bc3539f9e9d7
SHA512 2e7ca125f7b2fc94a122425672ce46436614c2b7e93880b447b3fc18d257111ca878d57ae0eb6b188a72ad054895821c878ea322d93047405ac86c9dae71e52f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E324WJ9A\HLpQHcChua3n_JJmKboJj5pRpFtYdYywf4zhDiQgI6c[1].js

MD5 571102f90c58a54d4813408071c95d9d
SHA1 8fa10a23890c541b070de9c2d173c21dcd7ec586
SHA256 1cba501dc0a1b9ade7fc926629ba098f9a51a45b58758cb07f8ce10e242023a7
SHA512 5e91ef3027f703c51a843478e298a0b2f6127e2779c3f230c46ad4f2299da328cc1c66611d22489077444cbc3f438ceb0a71391d5ecb3da65c23ded6aaae6c3a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E324WJ9A\remote[2].js

MD5 1468ba2a0ee215ea6b6bf696dae212ec
SHA1 08404c5010f2c1ab5c7912d7f4557a65052637f5
SHA256 bdf3b51907cc5593d32ad5a022212ae439f51b86d7b7e63c1890e6cbafaf825c
SHA512 9343f8142871741c3dc9e32ff55d89b7d5e126451e8007a393e351532e05fd3b447413ee26d6886505593a1e8c047bfc58bcb306d917ff6a5e9cc3aef41ce140

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 4eb3e1ff8f035b4d626fc947704df74b
SHA1 c720da2f69b317b540b0f55c2f7198141b584703
SHA256 568776b7db865d148ff64df1a70553e6010b4d470e8f7c954e4a8ba1effec642
SHA512 a9913b08c0ba7e4028a4c4d78328c9d41fd6f91a5d3a73c7e383fc6cc58b24e932ee9a075c6a5f9f09c0c4f153426ec89076e97d3368333faaeabdc8f903ecc4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4K0WM73A\embed[1].js

MD5 4d624700b7bb98c2b85935e56628764d
SHA1 0b08d69ef3cfc841ef0a87267753cdcacbac5633
SHA256 8b0ddb86f00c054b6ef58b440b2132bcb83d5d3f053d761591ff16cd379c8bcf
SHA512 215a4832d63705c9598ba4595a48688fce1406ab03dd6e44a2558465c17a8856cd15e9700ee53efb2742ddbb812d12eb6d677424b97417a1dc1c90717a9da8f0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 28e831a71d5dbdbf050e0abbf489d64b
SHA1 438158e7afe4699cdd1b5b7bd672a3b0e4eb973e
SHA256 d80bfe7f3f2e4c40d318cd38761c68a1df4d9eb39f75167fc269d12e2dd7c565
SHA512 90dac13217b053668a17cef650f908b7b7096b6ff3d8a5f42e34fc9d8b26b582eb73c7abdc3cbcefea7986992f74c7374132bf93e00c0425c23245ae19c42897

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 73fb18d3867a8a52568c27f384571d25
SHA1 9b06a93ec832f97fd84c67894b16e9a5f7ed1ef0
SHA256 e4d5eb8b1bf28f05652b94ed5e92184733494ef120933e68a58682e3407e8e41
SHA512 d2c40f2c795bb9706b1d61a8eca1daeec416df7c07f3c96131c05181219f92b4743f73ec895d337ba33f5d776ca9ee5813ce6cff3cbb30480b2162276a493334

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 9511d0a8e8f6f1cc3c226aec01a7bba0
SHA1 e264aa35b1c25a09d7e748edd398ad8ed18c5b85
SHA256 1ee3cf94d29343cf4909662a448e62ab08ad0a6549c31ed162aa0bfc638e09e3
SHA512 3808aae67ac9ba7852c50ec3973a2a93444c381eebfa483a3474e3684d6610c974192cc1bb144673735275115a4162c66bbca57e1d1893ddd90128b77b82a466

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 c4fcd29c9abb7d76a340b6ce7040f3e5
SHA1 3268d534afcbfe1fd3d3d0831dbc1d3525432e25
SHA256 28699a182eb9aeb045ba3ab3877e41aaeed9be6674f7895efa6bfea77d8182c2
SHA512 f3ba33939ce357d4b1b46ca7347c13851f34f8db6db089b8778658b41b7792eed246ea678c67068a45179d97e520ad8a94d513c2feddaf3d03b339707056a9f9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 10f99744eb9ce63e6c328c0c14e81161
SHA1 31410adf0c71c544fdb2d276848f592dea2da841
SHA256 26a90285c9a7b7e9e6eb886208b6bc60a4dfba7704a43a1b326944e479f26fc3
SHA512 2646478ec15f35534a9b68bf9b76fd43629383c1ae6f4721c5a687739b92ee7948091384398f8d752414d632993d5ba3ac5cdb8b7dc61a003dd7be7581e2f31b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 8f951b6779537c762caa1f22cd854d0a
SHA1 ba41e006dc03b92288dbe84da8145d97cc0b4546
SHA256 e03e3d6f657da2a3a2a4dcff3a016310d5dbdc527e0c7f09cf426bc516d9f66c
SHA512 2c0b8302382bc02ae30e11f99ae05de57fd41d4a7506b597e1e1da0d0cb19bc6a81a82ae8c068779fa6e1be935f4eb9d2102ddfeb954f8f84f8c66d28f2e9b99

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 79f602b7dd3e7df124a9b497f8748cc8
SHA1 c29e4b15389085f3aeb81e4579d552ae0b20692f
SHA256 330f327a3dd674f1348b89c41b5169ee08a030f147444a0a651d882946853992
SHA512 a9b4bb9ec6f0087664944d329b2e32d509a33f179e4723b384e8a808eb0ce28dd1bc1e001ad4262615ea069ad37bf2e19856c8241fa3d0fa7fd0d3b1af80fad5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 371a640b21efe47c5b5a166dccc9e2c0
SHA1 a03b16446e14173170ec092229095662317738da
SHA256 1cd70a4682c2f22bb0752bd053dcd651d5e64e7f3422e79db8634c7d42ea451a
SHA512 80c07eea72b0f37a9916c65f876bbac5485e94e81d3d7530993b6f031ccca362b9d92e696cf59b858293df212ef7a421971a9e7eb8f4fd186a6d7ec6fdb25893

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 71095e923344fb3f957f159d35de927b
SHA1 4f21dd06ab904e08e73dcc1ddabf391fea2b333f
SHA256 6820863c1e008cea2f6efc8bf1e398340e81887eb705dd8f518201e3cb5b3511
SHA512 7c93bd4df1c6fed968cf974235aeaa5089d57e2587fd9d71a96bac19b85e09e11d8fe08ce79fbe1f3b828ae39d027c343c7b3df62613026bdcf716aaff27a099

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 f4d525221e4ee689242646cc9a159d22
SHA1 a132b648ac30f21fc94671431e0b4d3daa9a4f65
SHA256 0f324e9c805018cc3dbca21b0f57786fdd753f577b686c7f8b7225e49879beaa
SHA512 968c0ae7d25d8a42eb815907dfb27ceac7350fa9e2348d5b90cbd96ea211c5158ffb8405b23df183416f738c86803f962080faf31a12790d213d506fe237e026

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 db970d6bcedd0862b0890346bf567b00
SHA1 c10bc3d21857bb892ab445aac4216f9e3d0ba820
SHA256 68e03c1e58fd16de8d3bddd008a153361629d77afad5b99407fe755f92c26d9a
SHA512 89ff83f570e269a05296de80eec71f04cbfc612ebfe851f06aa8fbb0f950db1e02d79b11f98531c31b45cfc99ef734d42483fe3cbb4ffc332118ba224f05d1fa

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 b64b456539459b25eb3c68cefc6fd6a4
SHA1 fdcb21e5c24cc0c46b6cbd4fdf733be58c87f888
SHA256 d39a9515b5269c16b26a2f53f36739a893d552e8c9cab264c28be5ba3caedd10
SHA512 a9aef67c54c819ad6663695f4ece65e178b67665e1ea1b21e1825896962bc64f0cc64152d237a67adb1a7af2624ec27009e64a64b63611345e87bb47a22e95b7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z7JBFAN0\www.youtube-nocookie[1].xml

MD5 1f72564bc7b04318db62d5a5f3869eba
SHA1 25638124922e08cf905fc9f382b58165aae3b9f3
SHA256 7de5f27a620261ce1949f3e94be19e2c91f0b84073863831ce4aac9ced4fbe75
SHA512 7467319973fac713255fae351e26ab9cb761ac7cace24424914010d59a51de4129203527646675004d24a8cc9964ac6210142468268090952b9a8d22fa962c79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91bcfbe507f152f8972499967e9f2e2f
SHA1 53cba7703b301f2242b40231d6ccf83532e8f616
SHA256 0f6323d3873b74d4c495c91e770fff5dbbcf7670995a4fae15abf23fe0728784
SHA512 91388fb35bb094e8f798761f6f3d9cf8124580ded531e1ae31f32ce7f0775097877deabfc12f457dda6e26ec94cc7d6ca71381cccbf8834afc94501477f6a246

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd9efbea52b065eaed2a54a4cab8c3c7
SHA1 1e5bee38dc2ce5a4143824a6a00a34acb29ba580
SHA256 28890846186ffa90f51d18891b2cf6b4c4a844e16062ee724db3167b4e67b169
SHA512 6d9dea05d649e9df557361a56567694a5b1ec29e4fb0fef1c96b9c829b4c01cfcaaf9da8fc3de32acfe7629ccb8092bf0ea7ab241316d89ccd79a9bedb74fafd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c39dea4192842d050e81f7cde03288de
SHA1 7158f665de3664f3377922058a215df3b598dfd5
SHA256 dfab56bb2c9cff13432a8d813ed69eedf99453251eb21201cb60188da52039f0
SHA512 b49918e2de76be9876054cd55e909cefd04abaa89554e9dbc439e6da039fb2f73d66473c6a084902de1432ee4a5e9843684aa5607ea22132ad181b590b1a9f2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff376a1f25f802d5bf809b5d9b64204e
SHA1 5935b1ed62a4406c9f816ee452772d354a196923
SHA256 f89ec5a88e9f438a10ccc400595d215d21a60b41cc55b6242d625ba75eafd648
SHA512 6b8eb4cdb806698fb6b3c09abbbc11c51be05d1b60fe2f625bd9b294f361510a08152c1495cb78b7cb541287f47790edf72393d7fbf1c0dafb70a60a5b37a105

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c06b120e7a0947da6f4929ff5b4de322
SHA1 78572d7aaf67c22b9fdc2f6da95ea487aff3ae6a
SHA256 e1b8df616c64a91056ee44821ea38b69bc0bb32e32d0e15e38fbd818a41e2168
SHA512 a48f2f25561b3f8f062a3976e2682ff7f142949d4601295bbb53ce46b1f1e9a11f7a2d103e2d351aa63f760994aef8782c7961d080fe3d3ee8fcd8984c15badb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5151926e41feee1181703e931dbfcf59
SHA1 6c30a161cd666140493895a9fa829acd97d874fe
SHA256 fd296728251dbcd471bb3709af8e474c70c093b7f2547cd0e614ca83e1338ba0
SHA512 19f2c548a02622f4a6d9774978d89977dcd3ca743b05b67dc912fe1c636a90d27dd728003907ee4b3d51cb987ad0cd0e4ce40caae5801568598dcd4da77fcd18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 211d0785f2ce7a3b4dbff2c739f6faeb
SHA1 7b02de8f264e1bf31c10f5dcb1764bd1ef6a79a5
SHA256 b9cd85da3f8d8ed225a2690351265a1a63d3bccdd00173a389d2f447bf71ac4e
SHA512 6335ade4a90baaee6a8130c0013620d5284809add08c5315fdb154950f62e6ce0e57cb42d1b0a22428a378a6741646892b21a8f71e7817058286d3e6c02e1604

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5677d5452e571d377cd22053438976b3
SHA1 abb50c3bbdf36184168b9435f5293e057ffbc337
SHA256 63a403d0115016b07d36d00b59b0c15e92d653063fad36398b1a99ea5f6f7c22
SHA512 eb1114d2a84a2ac33dad28be6248be0e8b97a9fcdf2ca14e7d38b4a66ce725a2484d3237f68d59712ee2592c10b6cc65f528b38b6a254703393db3c6715dfa89

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 7b909309eeb470ec108f25e872b58c72
SHA1 c3dd2120a96744926fb80463bdead0a638848e36
SHA256 90dbff3a3939d371f9f5a4d95144102fb1e84c40a667c113eaf1a47891af59dd
SHA512 30e2f2fdecb8b9d8dcc78176a9c187303c08d932bf426cd8dc155f319954b18894001e68ccb1e4e8bb20263976ba932c705932fa4f19b899d40e50653033923c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 346d21ba6957647fcc11a6560f1b478c
SHA1 ba166fc1790fe6418b1f66e5f31f97b48e3e0c3c
SHA256 1c23fb43955b84a960ba763cfdcdef9b09e3c626c21b15217fac3e6c991fa5f3
SHA512 676af87423f6ef4a12941fc51cab8d84d76915bc667c61533bd908dee0b10eaa35d4f2ce4282850dabc9d5ac0a7d4c4d27a8722296a28e18a3e5bd73bb001e2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e956c966e19a3b91b2fd46b272a20abf
SHA1 cf146e361e844ae740b4f8d8055cb3f520403336
SHA256 5fc3522a78d845e5f38a680c55312010414dfd81497e5de1074310690d335acd
SHA512 b1dbb1025debed5b50e7ae2d8bb4fe11c02bb965b323ca8a6cea3e7efa5319ef401a27672805d2bb6a4c1195d26f46d8ad2aa86ad98b64dbc8b74adc1610c8d8

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-04 16:44

Reported

2024-02-04 16:47

Platform

win10v2004-20231215-en

Max time kernel

137s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe"

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A cmyip.com N/A N/A
N/A cmyip.com N/A N/A
N/A cmyip.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\Microsoft\Protect\ms.exe C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe N/A
File opened for modification C:\Windows\SysWOW64\Microsoft\Protect\ie.exe C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2244 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 656 wrote to memory of 1604 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 656 wrote to memory of 1604 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 656 wrote to memory of 1604 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2244 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 3300 wrote to memory of 3164 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 3300 wrote to memory of 3164 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 3300 wrote to memory of 3164 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2244 wrote to memory of 3856 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 3856 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 3856 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1020 wrote to memory of 2716 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1020 wrote to memory of 2716 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1020 wrote to memory of 2716 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2244 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 3860 wrote to memory of 908 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 3860 wrote to memory of 908 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 3860 wrote to memory of 908 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1732 wrote to memory of 2196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1732 wrote to memory of 2196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1732 wrote to memory of 2196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2244 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1424 wrote to memory of 1260 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1424 wrote to memory of 1260 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1424 wrote to memory of 1260 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2244 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 2244 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe C:\Windows\SysWOW64\cmd.exe
PID 1392 wrote to memory of 3748 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1392 wrote to memory of 3748 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1392 wrote to memory of 3748 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe

"C:\Users\Admin\AppData\Local\Temp\8fa716e6d698cff761a257134fc0dcbc.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 0 /f && exit

C:\Windows\SysWOW64\reg.exe

reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c cd C:\Users\Admin\AppData\Local\Temp && del blackhacker1298.exe && del upx.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im cmd.exe /t && exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im cmd.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 0 /f && exit

C:\Windows\SysWOW64\reg.exe

reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im taskmgr.exe /t && exit && EXIT

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe /t

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2244 -ip 2244

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 2272

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 cmyip.com udp
CA 51.79.49.219:80 cmyip.com tcp
CA 51.79.49.219:443 cmyip.com tcp
US 8.8.8.8:53 204.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 219.49.79.51.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
CA 51.79.49.219:443 cmyip.com tcp
US 8.8.8.8:53 www.cmyip.com udp
CA 51.79.49.219:443 www.cmyip.com tcp
US 8.8.8.8:53 40.13.222.173.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.187.193:443 cdn.ampproject.org tcp
CA 51.79.49.219:443 www.cmyip.com tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 216.58.212.227:443 ssl.gstatic.com tcp
CA 51.79.49.219:443 www.cmyip.com tcp
CA 51.79.49.219:443 www.cmyip.com tcp
CA 51.79.49.219:443 www.cmyip.com tcp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
CA 51.79.49.219:443 www.cmyip.com tcp
CA 51.79.49.219:443 www.cmyip.com tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 188.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp

Files

N/A