Malware Analysis Report

2024-09-11 05:55

Sample ID 240527-vg366aah3z
Target VW-Geko(1).exe
SHA256 387bc76e2ab34e11bbf44c5e385265956e2228d4eb27216e7da19d0142006408
Tags
discovery execution exploit upx
score
8/10

Analysis Overview

score
8/10

SHA256

387bc76e2ab34e11bbf44c5e385265956e2228d4eb27216e7da19d0142006408

Threat Level: Likely malicious

The file VW-Geko(1).exe was found to be: Likely malicious.

Malicious Activity Summary

discovery execution exploit upx

Command and Scripting Interpreter: PowerShell

Possible privilege escalation attempt

Drops file in Drivers directory

Modifies file permissions

Loads dropped DLL

UPX packed file

Checks computer location settings

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Views/modifies file attributes

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Gathers network information

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Modifies registry class

Uses Task Scheduler COM API

Suspicious behavior: MapViewOfSection

Kills process with taskkill

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-27 16:58

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 16:58

Reported

2024-05-27 17:01

Platform

win10-20240404-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe"

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\Microsoft\Cpn Service\Cpn Service.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT N/A N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri N/A N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision N/A N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\NETSTAT.EXE N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main N/A N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections C:\ProgramData\Microsoft\Cpn Service\Cpn Service.exe N/A

Modifies registry class

Description Indicator Process Target

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\NETSTAT.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Microsoft\Cpn Service\Cpn Service.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4144 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe C:\Windows\SYSTEM32\cmd.exe
PID 4124 wrote to memory of 1972 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4144 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe C:\Windows\system32\cmd.exe
PID 2540 wrote to memory of 4444 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NETSTAT.EXE
PID 2540 wrote to memory of 3440 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 4144 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe C:\Windows\system32\cmd.exe
PID 2552 wrote to memory of 2040 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NETSTAT.EXE
PID 2552 wrote to memory of 5060 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 4144 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe C:\Windows\system32\cmd.exe
PID 3484 wrote to memory of 3432 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NETSTAT.EXE
PID 3484 wrote to memory of 1576 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 4144 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe C:\Windows\system32\cmd.exe
PID 3732 wrote to memory of 1272 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4144 wrote to memory of 4336 N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe C:\Windows\system32\cmd.exe
PID 4144 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe C:\Windows\system32\cmd.exe
PID 4336 wrote to memory of 2608 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NETSTAT.EXE
PID 4336 wrote to memory of 3096 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 1120 wrote to memory of 3576 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4144 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe C:\Windows\system32\cmd.exe
PID 4144 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe C:\Windows\system32\cmd.exe
PID 1456 wrote to memory of 2628 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NETSTAT.EXE
PID 1456 wrote to memory of 4840 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 4980 wrote to memory of 1096 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4144 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe C:\Windows\system32\cmd.exe
PID 4144 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe C:\Windows\system32\cmd.exe
PID 4036 wrote to memory of 1156 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NETSTAT.EXE
PID 4036 wrote to memory of 3512 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 1012 wrote to memory of 2216 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4144 wrote to memory of 3584 N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe C:\Windows\system32\takeown.exe
PID 4144 wrote to memory of 4220 N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe C:\Windows\system32\cmd.exe
PID 4144 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe C:\Windows\system32\takeown.exe
PID 4220 wrote to memory of 4260 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe

Uses Task Scheduler COM API

persistence

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe

"C:\Users\Admin\AppData\Local\Temp\VW-Geko(1).exe"

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath 'C:\'

C:\Windows\system32\cmd.exe

cmd /c "netstat -ano -p tcp | findstr 0.0.0.0:443"

C:\Windows\system32\NETSTAT.EXE

netstat -ano -p tcp

C:\Windows\system32\findstr.exe

findstr 0.0.0.0:443

C:\Windows\system32\cmd.exe

cmd /c "netstat -ano -p tcp | findstr localhost:443"

C:\Windows\system32\NETSTAT.EXE

netstat -ano -p tcp

C:\Windows\system32\findstr.exe

findstr localhost:443

C:\Windows\system32\cmd.exe

cmd /c "netstat -ano -p tcp | findstr 127.0.0.1:443"

C:\Windows\system32\NETSTAT.EXE

netstat -ano -p tcp

C:\Windows\system32\findstr.exe

findstr 127.0.0.1:443

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "netstat -ano -p tcp | findstr 0.0.0.0:80"

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\NETSTAT.EXE

netstat -ano -p tcp

C:\Windows\system32\findstr.exe

findstr 0.0.0.0:80

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "netstat -ano -p tcp | findstr localhost:80"

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\NETSTAT.EXE

netstat -ano -p tcp

C:\Windows\system32\findstr.exe

findstr localhost:80

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "netstat -ano -p tcp | findstr 127.0.0.1:80"

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\NETSTAT.EXE

netstat -ano -p tcp

C:\Windows\system32\findstr.exe

findstr 127.0.0.1:80

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\takeown.exe

takeown /f \"C:\Windows\System32\drivers\etc\hosts\"

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\takeown.exe

takeown /f \"C:\Windows\System32\drivers\etc\hosts\"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\icacls.exe

icacls \"C:\Windows\System32\drivers\etc\hosts\" /reset

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\attrib.exe

attrib -s -h \"C:\Windows\System32\drivers\etc\hosts\" /s /d

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe"

C:\Windows\system32\attrib.exe

attrib +h +s "C:\ProgramData\Microsoft\Cpn Service\" /s /d

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe"

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\attrib.exe

attrib +h +s "C:\ProgramData\Microsoft\Cpn Service\" /s /d

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe"

C:\Windows\system32\attrib.exe

attrib +h +s "C:\ProgramData\Microsoft\Cpn Service\Cpn Service.exe" /s /d

C:\ProgramData\Microsoft\Cpn Service\Cpn Service.exe

"C:\ProgramData\Microsoft\Cpn Service\Cpn Service.exe"

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x64.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x64.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver_x86.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver_x86.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vpnserver.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vpnserver.exe /f

C:\Windows\system32\cmd.exe

cmd /c "taskkill /IM vmware-hostd.exe /f"

C:\Windows\system32\taskkill.exe

taskkill /IM vmware-hostd.exe /f


Network

Country Destination Domain Proto

Files
