Analysis Overview
SHA256
62d07315b02f3e551503d0de3c8c83a2144ef2d19917482bc8ac8162186ba3b6
Threat Level: Known bad
The file apex_rewrite.exe was found to be: Known bad.
Malicious Activity Summary
DcRat
DCRat payload
Checks computer location settings
Executes dropped EXE
Unsigned PE
Enumerates physical storage devices
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 11:23
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 11:23
Reported
2024-06-02 11:27
Platform
win10v2004-20240508-en
Max time kernel
9s
Max time network
155s
Command Line
Signatures
DcRat
DCRat payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
Executes dropped EXE
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
| MD5 | 4fecbadf8e726f590bef4c36aab11cfd |
| SHA1 | 346b5aeb0cfbef4962cd9e0da4dc2c7dc4b16308 |
| SHA256 | d7419ddb69d35e25fa58ecfb935641a9c70f154175b9cdd9c8234ec084f69e25 |
| SHA512 | feea3b16503639308b8990a3a048ce0578a72a2e8a4f563c1dcf730a155306fbebc46d2bb8eabc5ccf4dcd095111241a434970359548de63fd89a3a278787dc0 |
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
| MD5 | bb662e9c860cbf0136f78e508ea7d458 |
| SHA1 | 13dacd7e2a7c543340f7562a4834ceb4c706bb27 |
| SHA256 | 62d07315b02f3e551503d0de3c8c83a2144ef2d19917482bc8ac8162186ba3b6 |
| SHA512 | 2b370b37e8db1ed7216ba416757aaa81e75e516ab57d1fe490d386bf8b8755fcedc9e53f4b3580f95f038aecc2d5e6f649f32013287fc151c8021730971eb617 |
C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe
| MD5 | 28ad6314e864332bb5243abfbaaa9c50 |
| SHA1 | 056b4d4c5b8115eec2f0f57d4cef8407067f53ca |
| SHA256 | e09a245d9436301a46b4b320fa69d6581f4bd01cbc02cfe45732d2ed06a556a8 |
| SHA512 | 698aed83649910d5f7fd96edf3e71ed1f3edfb3116eeb052a97f4321d9ae8d4c624fe1e12de8ac4e74f336bf0bf79b0322ac60b36d36c3cec921357a8fd8e16d |
C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat
| MD5 | a2b0f8e0a540738dca7fbd339374ca32 |
| SHA1 | 1d05f00b5a93c0ac887e39411ea4b9a797db3301 |
| SHA256 | 08b0f80abea0fc945bbe11c92427b70f738fafbffe2a6d35b4584513487bec53 |
| SHA512 | 6e2338a6706480cbdf8b93ce20ff9d4a84c7c0878346e14589bffe69d4045cc39e3d487f9c0157a5a4e0aad0d128ad0321b83a4491c273eaa92cbda65acfe5cf |
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
| MD5 | 56a5070861fd8ba42adf2f69d9b6bc36 |
| SHA1 | ac28756d70408bb4cc3e1745b64826a028f29b14 |
| SHA256 | d8a46175e95add6f4f4988687ee200d6342875a90119e4b14601ee43e7c832b9 |
| SHA512 | 488b8e3d624ee32e10b69e3865a1b172311aa5b6ff3754cdec458ad8f2ca670232c1774ee520c3b836b3bcc344a7c772d2347e0dd3c7600c8ff673b9341facfb |
memory/3392-34-0x00000000004C0000-0x00000000007C0000-memory.dmp
memory/3392-40-0x00000000028D0000-0x00000000028DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Surrogatesession.exe.log
| MD5 | 5cb90c90e96a3b36461ed44d339d02e5 |
| SHA1 | 5508281a22cca7757bc4fbdb0a8e885c9f596a04 |
| SHA256 | 34c15d8e79fef4bddec7e34f3426df3b68f8fc6deac29ea12d110f6c529fe3bb |
| SHA512 | 63735938c841c28824e3482559df18839930acc5ea8600b1074439b70a2f600a92f41593568e49991f25f079e7f7361b4f1678feadbf004f6e9e4d51d36598d4 |
memory/6892-84-0x0000022919FD0000-0x0000022919FD1000-memory.dmp
memory/6892-83-0x0000022919FD0000-0x0000022919FD1000-memory.dmp
memory/6892-82-0x0000022919FD0000-0x0000022919FD1000-memory.dmp
memory/6892-91-0x0000022919FD0000-0x0000022919FD1000-memory.dmp
memory/6892-93-0x0000022919FD0000-0x0000022919FD1000-memory.dmp
memory/6892-94-0x0000022919FD0000-0x0000022919FD1000-memory.dmp
memory/6892-92-0x0000022919FD0000-0x0000022919FD1000-memory.dmp
memory/6892-90-0x0000022919FD0000-0x0000022919FD1000-memory.dmp
memory/6892-89-0x0000022919FD0000-0x0000022919FD1000-memory.dmp
memory/6892-88-0x0000022919FD0000-0x0000022919FD1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 11:23
Reported
2024-06-02 11:27
Platform
win11-20240426-en
Max time kernel
4s
Max time network
202s
Command Line
Signatures
DcRat
DCRat payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\drivermmap.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
| MD5 | 4fecbadf8e726f590bef4c36aab11cfd |
| SHA1 | 346b5aeb0cfbef4962cd9e0da4dc2c7dc4b16308 |
| SHA256 | d7419ddb69d35e25fa58ecfb935641a9c70f154175b9cdd9c8234ec084f69e25 |
| SHA512 | feea3b16503639308b8990a3a048ce0578a72a2e8a4f563c1dcf730a155306fbebc46d2bb8eabc5ccf4dcd095111241a434970359548de63fd89a3a278787dc0 |
C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
| MD5 | bb662e9c860cbf0136f78e508ea7d458 |
| SHA1 | 13dacd7e2a7c543340f7562a4834ceb4c706bb27 |
| SHA256 | 62d07315b02f3e551503d0de3c8c83a2144ef2d19917482bc8ac8162186ba3b6 |
| SHA512 | 2b370b37e8db1ed7216ba416757aaa81e75e516ab57d1fe490d386bf8b8755fcedc9e53f4b3580f95f038aecc2d5e6f649f32013287fc151c8021730971eb617 |
C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe
| MD5 | 28ad6314e864332bb5243abfbaaa9c50 |
| SHA1 | 056b4d4c5b8115eec2f0f57d4cef8407067f53ca |
| SHA256 | e09a245d9436301a46b4b320fa69d6581f4bd01cbc02cfe45732d2ed06a556a8 |
| SHA512 | 698aed83649910d5f7fd96edf3e71ed1f3edfb3116eeb052a97f4321d9ae8d4c624fe1e12de8ac4e74f336bf0bf79b0322ac60b36d36c3cec921357a8fd8e16d |
C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat
| MD5 | a2b0f8e0a540738dca7fbd339374ca32 |
| SHA1 | 1d05f00b5a93c0ac887e39411ea4b9a797db3301 |
| SHA256 | 08b0f80abea0fc945bbe11c92427b70f738fafbffe2a6d35b4584513487bec53 |
| SHA512 | 6e2338a6706480cbdf8b93ce20ff9d4a84c7c0878346e14589bffe69d4045cc39e3d487f9c0157a5a4e0aad0d128ad0321b83a4491c273eaa92cbda65acfe5cf |
C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
| MD5 | 56a5070861fd8ba42adf2f69d9b6bc36 |
| SHA1 | ac28756d70408bb4cc3e1745b64826a028f29b14 |
| SHA256 | d8a46175e95add6f4f4988687ee200d6342875a90119e4b14601ee43e7c832b9 |
| SHA512 | 488b8e3d624ee32e10b69e3865a1b172311aa5b6ff3754cdec458ad8f2ca670232c1774ee520c3b836b3bcc344a7c772d2347e0dd3c7600c8ff673b9341facfb |
memory/4804-42-0x0000000000C30000-0x0000000000F30000-memory.dmp
memory/4804-48-0x0000000001650000-0x000000000165E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Surrogatesession.exe.log
| MD5 | ba188ab8514b037519a2ada3cdeb9a05 |
| SHA1 | 518b6ee233a773b20230ebc226d741961b9bfdb1 |
| SHA256 | 25effb7a46427c841cf727d6445ed5d8bcd128fdf767080ec1e10dbc8a40bee7 |
| SHA512 | fa2ea4f92834e14c5e09ff81c286c1ae7da9de68748a4dcc68da1ee214632386a24b204f4bd6ea71f17ec30d1e0fe8cb456c0c95ee65a07b87c2bef89c6bff08 |