Malware Analysis Report

2024-10-10 12:57

Sample ID 240602-nhfc6abd8t
Target apex_rewrite.exe
SHA256 62d07315b02f3e551503d0de3c8c83a2144ef2d19917482bc8ac8162186ba3b6
Tags
dcrat infostealer rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

62d07315b02f3e551503d0de3c8c83a2144ef2d19917482bc8ac8162186ba3b6

Threat Level: Known bad

The file apex_rewrite.exe was found to be: Known bad.

Malicious Activity Summary

dcrat infostealer rat

DcRat

DCRat payload

Checks computer location settings

Executes dropped EXE

Unsigned PE

Enumerates physical storage devices

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 11:23

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 11:23

Reported

2024-06-02 11:27

Platform

win10v2004-20240508-en

Max time kernel

9s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

Signatures

DcRat

rat infostealer dcrat

DCRat payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4980 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 4980 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 4980 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 4980 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 4980 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 4980 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 3968 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 3968 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 3968 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 3968 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 3968 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 3968 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 2172 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
PID 2172 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
PID 2172 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
PID 1284 wrote to memory of 3912 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 1284 wrote to memory of 3912 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 1284 wrote to memory of 3912 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 3160 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 3160 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 3160 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 3160 wrote to memory of 512 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 3160 wrote to memory of 512 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 3160 wrote to memory of 512 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 512 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
PID 512 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
PID 512 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
PID 512 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Windows\System32\Conhost.exe
PID 512 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Windows\System32\Conhost.exe
PID 512 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Windows\System32\Conhost.exe
PID 4896 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 4896 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 4896 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 4924 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 4924 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 4924 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 4924 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 4924 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 4924 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 836 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 836 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 836 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 2392 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\System32\Conhost.exe
PID 2392 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\System32\Conhost.exe
PID 2392 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\System32\Conhost.exe
PID 2012 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 2012 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 2012 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 3912 wrote to memory of 3892 N/A C:\Windows\SysWOW64\WScript.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 3912 wrote to memory of 3892 N/A C:\Windows\SysWOW64\WScript.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 3912 wrote to memory of 3892 N/A C:\Windows\SysWOW64\WScript.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 2972 wrote to memory of 3292 N/A C:\Windows\SysWOW64\WScript.exe C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
PID 2972 wrote to memory of 3292 N/A C:\Windows\SysWOW64\WScript.exe C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
PID 2972 wrote to memory of 3292 N/A C:\Windows\SysWOW64\WScript.exe C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
PID 2012 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Windows\System32\Conhost.exe
PID 2012 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Windows\System32\Conhost.exe
PID 2012 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Windows\System32\Conhost.exe
PID 4964 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 4964 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 4964 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 4520 wrote to memory of 3864 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 4520 wrote to memory of 3864 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 4520 wrote to memory of 3864 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 4520 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

Processes

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

MD5 4fecbadf8e726f590bef4c36aab11cfd
SHA1 346b5aeb0cfbef4962cd9e0da4dc2c7dc4b16308
SHA256 d7419ddb69d35e25fa58ecfb935641a9c70f154175b9cdd9c8234ec084f69e25
SHA512 feea3b16503639308b8990a3a048ce0578a72a2e8a4f563c1dcf730a155306fbebc46d2bb8eabc5ccf4dcd095111241a434970359548de63fd89a3a278787dc0

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

MD5 bb662e9c860cbf0136f78e508ea7d458
SHA1 13dacd7e2a7c543340f7562a4834ceb4c706bb27
SHA256 62d07315b02f3e551503d0de3c8c83a2144ef2d19917482bc8ac8162186ba3b6
SHA512 2b370b37e8db1ed7216ba416757aaa81e75e516ab57d1fe490d386bf8b8755fcedc9e53f4b3580f95f038aecc2d5e6f649f32013287fc151c8021730971eb617

C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe

MD5 28ad6314e864332bb5243abfbaaa9c50
SHA1 056b4d4c5b8115eec2f0f57d4cef8407067f53ca
SHA256 e09a245d9436301a46b4b320fa69d6581f4bd01cbc02cfe45732d2ed06a556a8
SHA512 698aed83649910d5f7fd96edf3e71ed1f3edfb3116eeb052a97f4321d9ae8d4c624fe1e12de8ac4e74f336bf0bf79b0322ac60b36d36c3cec921357a8fd8e16d

C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat

MD5 a2b0f8e0a540738dca7fbd339374ca32
SHA1 1d05f00b5a93c0ac887e39411ea4b9a797db3301
SHA256 08b0f80abea0fc945bbe11c92427b70f738fafbffe2a6d35b4584513487bec53
SHA512 6e2338a6706480cbdf8b93ce20ff9d4a84c7c0878346e14589bffe69d4045cc39e3d487f9c0157a5a4e0aad0d128ad0321b83a4491c273eaa92cbda65acfe5cf

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

MD5 56a5070861fd8ba42adf2f69d9b6bc36
SHA1 ac28756d70408bb4cc3e1745b64826a028f29b14
SHA256 d8a46175e95add6f4f4988687ee200d6342875a90119e4b14601ee43e7c832b9
SHA512 488b8e3d624ee32e10b69e3865a1b172311aa5b6ff3754cdec458ad8f2ca670232c1774ee520c3b836b3bcc344a7c772d2347e0dd3c7600c8ff673b9341facfb

memory/3392-34-0x00000000004C0000-0x00000000007C0000-memory.dmp

memory/3392-40-0x00000000028D0000-0x00000000028DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Surrogatesession.exe.log

MD5 5cb90c90e96a3b36461ed44d339d02e5
SHA1 5508281a22cca7757bc4fbdb0a8e885c9f596a04
SHA256 34c15d8e79fef4bddec7e34f3426df3b68f8fc6deac29ea12d110f6c529fe3bb
SHA512 63735938c841c28824e3482559df18839930acc5ea8600b1074439b70a2f600a92f41593568e49991f25f079e7f7361b4f1678feadbf004f6e9e4d51d36598d4

memory/6892-84-0x0000022919FD0000-0x0000022919FD1000-memory.dmp

memory/6892-83-0x0000022919FD0000-0x0000022919FD1000-memory.dmp

memory/6892-82-0x0000022919FD0000-0x0000022919FD1000-memory.dmp

memory/6892-91-0x0000022919FD0000-0x0000022919FD1000-memory.dmp

memory/6892-93-0x0000022919FD0000-0x0000022919FD1000-memory.dmp

memory/6892-94-0x0000022919FD0000-0x0000022919FD1000-memory.dmp

memory/6892-92-0x0000022919FD0000-0x0000022919FD1000-memory.dmp

memory/6892-90-0x0000022919FD0000-0x0000022919FD1000-memory.dmp

memory/6892-89-0x0000022919FD0000-0x0000022919FD1000-memory.dmp

memory/6892-88-0x0000022919FD0000-0x0000022919FD1000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 11:23

Reported

2024-06-02 11:27

Platform

win11-20240426-en

Max time kernel

4s

Max time network

202s

Command Line

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

Signatures

DcRat

rat infostealer dcrat

DCRat payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\drivermmap.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3428 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 3428 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 3428 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 3428 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 3428 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 3428 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 2456 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 2456 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 2456 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 2456 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 2456 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 2456 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 4932 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\System32\Conhost.exe
PID 4932 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\System32\Conhost.exe
PID 4932 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\System32\Conhost.exe
PID 3452 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 3452 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 3452 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 3952 wrote to memory of 3812 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 3952 wrote to memory of 3812 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 3952 wrote to memory of 3812 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 3952 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 3952 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 3952 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 2632 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 2632 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 2632 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 2632 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 2632 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 2632 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 3812 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
PID 3812 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
PID 3812 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe
PID 2652 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 2652 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 2652 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe C:\Windows\SysWOW64\WScript.exe
PID 2472 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 2472 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 2472 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 2472 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 2472 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 2472 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 760 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 760 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 760 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 1848 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 1848 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 1848 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 1848 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 1848 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 1848 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe
PID 4560 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 4560 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 4560 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 4560 wrote to memory of 4180 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Windows\System32\Conhost.exe
PID 4560 wrote to memory of 4180 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Windows\System32\Conhost.exe
PID 4560 wrote to memory of 4180 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Windows\System32\Conhost.exe
PID 5064 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 5064 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 5064 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 4180 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 4180 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 4180 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe C:\Users\Admin\AppData\Local\Temp\drivermmap.exe
PID 4180 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

Processes

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

"C:\Users\Admin\AppData\Local\Temp\drivermmap.exe"

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

"C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe"

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat" "

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

"C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe"

Network

Files

C:\Users\Admin\AppData\Local\Temp\drivermmap.exe

MD5 4fecbadf8e726f590bef4c36aab11cfd
SHA1 346b5aeb0cfbef4962cd9e0da4dc2c7dc4b16308
SHA256 d7419ddb69d35e25fa58ecfb935641a9c70f154175b9cdd9c8234ec084f69e25
SHA512 feea3b16503639308b8990a3a048ce0578a72a2e8a4f563c1dcf730a155306fbebc46d2bb8eabc5ccf4dcd095111241a434970359548de63fd89a3a278787dc0

C:\Users\Admin\AppData\Local\Temp\apex_rewrite.exe

MD5 bb662e9c860cbf0136f78e508ea7d458
SHA1 13dacd7e2a7c543340f7562a4834ceb4c706bb27
SHA256 62d07315b02f3e551503d0de3c8c83a2144ef2d19917482bc8ac8162186ba3b6
SHA512 2b370b37e8db1ed7216ba416757aaa81e75e516ab57d1fe490d386bf8b8755fcedc9e53f4b3580f95f038aecc2d5e6f649f32013287fc151c8021730971eb617

C:\Users\Admin\AppData\Local\Temp\WinSession\duZqKH656CaReDoyFlNQDhBO.vbe

MD5 28ad6314e864332bb5243abfbaaa9c50
SHA1 056b4d4c5b8115eec2f0f57d4cef8407067f53ca
SHA256 e09a245d9436301a46b4b320fa69d6581f4bd01cbc02cfe45732d2ed06a556a8
SHA512 698aed83649910d5f7fd96edf3e71ed1f3edfb3116eeb052a97f4321d9ae8d4c624fe1e12de8ac4e74f336bf0bf79b0322ac60b36d36c3cec921357a8fd8e16d

C:\Users\Admin\AppData\Local\Temp\WinSession\g5n1rA2YRUHoZLl2F1Uc9jOwv4h.bat

MD5 a2b0f8e0a540738dca7fbd339374ca32
SHA1 1d05f00b5a93c0ac887e39411ea4b9a797db3301
SHA256 08b0f80abea0fc945bbe11c92427b70f738fafbffe2a6d35b4584513487bec53
SHA512 6e2338a6706480cbdf8b93ce20ff9d4a84c7c0878346e14589bffe69d4045cc39e3d487f9c0157a5a4e0aad0d128ad0321b83a4491c273eaa92cbda65acfe5cf

C:\Users\Admin\AppData\Local\Temp\WinSession\Surrogatesession.exe

MD5 56a5070861fd8ba42adf2f69d9b6bc36
SHA1 ac28756d70408bb4cc3e1745b64826a028f29b14
SHA256 d8a46175e95add6f4f4988687ee200d6342875a90119e4b14601ee43e7c832b9
SHA512 488b8e3d624ee32e10b69e3865a1b172311aa5b6ff3754cdec458ad8f2ca670232c1774ee520c3b836b3bcc344a7c772d2347e0dd3c7600c8ff673b9341facfb

memory/4804-42-0x0000000000C30000-0x0000000000F30000-memory.dmp

memory/4804-48-0x0000000001650000-0x000000000165E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Surrogatesession.exe.log

MD5 ba188ab8514b037519a2ada3cdeb9a05
SHA1 518b6ee233a773b20230ebc226d741961b9bfdb1
SHA256 25effb7a46427c841cf727d6445ed5d8bcd128fdf767080ec1e10dbc8a40bee7
SHA512 fa2ea4f92834e14c5e09ff81c286c1ae7da9de68748a4dcc68da1ee214632386a24b204f4bd6ea71f17ec30d1e0fe8cb456c0c95ee65a07b87c2bef89c6bff08