Malware Analysis Report

2025-05-05 21:50

Sample ID 250414-r4xq4syqv2
Target 4363463463464363463463463.zip.zip
SHA256 12fce52d084a8c7efa638c88fa2307bca7c038a49fe566ebb05533cacf17efbd
Tags
asyncrat quasar remcos stealc xred xworm crypt default logsdiller backdoor discovery persistence pyinstaller rat spyware stealer themida trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

12fce52d084a8c7efa638c88fa2307bca7c038a49fe566ebb05533cacf17efbd

Threat Level: Known bad

The file 4363463463464363463463463.zip.zip was found to be: Known bad.

Malicious Activity Summary

asyncrat quasar remcos stealc xred xworm crypt default logsdiller backdoor discovery persistence pyinstaller rat spyware stealer themida trojan

Stealc

Stealc family

Xworm family

Asyncrat family

AsyncRat

Xred family

Xworm

Quasar family

Detect Xworm Payload

Remcos family

Quasar RAT

Xred

Remcos

Quasar payload

Async RAT payload

Downloads MZ/PE file

Themida packer

Checks computer location settings

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Looks up external IP address via web service

Drops file in System32 directory

Detects Pyinstaller

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Program crash

Scheduled Task/Job: Scheduled Task

Modifies registry class

Modifies registry key

Suspicious use of WriteProcessMemory

Delays execution with timeout.exe

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-14 14:45

Signatures

Xred family

xred

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-14 14:45

Reported

2025-04-14 14:47

Platform

win10v2004-20250314-en

Max time kernel

2s

Max time network

77s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe"

Signatures

AsyncRat

rat asyncrat

Asyncrat family

asyncrat

Detect Xworm Payload

Quasar RAT

trojan spyware quasar

Quasar family

quasar

Quasar payload

Remcos

rat remcos

Remcos family

remcos

Stealc

stealer stealc

Stealc family

stealc

Xred

backdoor xred

Xred family

xred

Xworm

trojan rat xworm

Xworm family

xworm

Async RAT payload

rat

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\ProgramData\Synaptics\Synaptics.exe N/A

Themida packer

themida

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\._cache_Synaptics.exe C:\ProgramData\Synaptics\Synaptics.exe N/A
File created C:\Windows\SysWOW64\._cache_Synaptics.exe C:\ProgramData\Synaptics\Synaptics.exe N/A

Detects Pyinstaller

pyinstaller

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A N/A C:\Windows\system32\cmd.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\._cache_Synaptics.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Synaptics\Synaptics.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\._cache_4363463463464363463463463.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\ProgramData\Synaptics\Synaptics.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\._cache_4363463463464363463463463.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5128 wrote to memory of 4512 N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe C:\Users\Admin\AppData\Local\Temp\._cache_4363463463464363463463463.exe
PID 5128 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe C:\ProgramData\Synaptics\Synaptics.exe
PID 556 wrote to memory of 456 N/A C:\Windows\system32\cmd.exe C:\ProgramData\Synaptics\Synaptics.exe
PID 748 wrote to memory of 5800 N/A C:\ProgramData\Synaptics\Synaptics.exe C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
PID 456 wrote to memory of 1464 N/A C:\ProgramData\Synaptics\Synaptics.exe C:\Windows\SysWOW64\._cache_Synaptics.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe

"C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe"

C:\Users\Admin\AppData\Local\Temp\._cache_4363463463464363463463463.exe

"C:\Users\Admin\AppData\Local\Temp\._cache_4363463463464363463463463.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\ProgramData\Synaptics\Synaptics.exe

C:\ProgramData\Synaptics\Synaptics.exe

"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate

C:\ProgramData\Synaptics\Synaptics.exe

C:\ProgramData\Synaptics\Synaptics.exe

C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe

"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding

C:\Windows\SysWOW64\._cache_Synaptics.exe

"C:\Windows\system32\._cache_Synaptics.exe"

C:\Windows\SysWOW64\Files\ddosziller.exe

"C:\Windows\System32\Files\ddosziller.exe"

C:\Users\Admin\AppData\Local\Temp\Files\crypted.exe

"C:\Users\Admin\AppData\Local\Temp\Files\crypted.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\Files\hiya.exe

"C:\Windows\System32\Files\hiya.exe"

C:\Users\Admin\AppData\Local\Temp\Files\d4cye08a.exe

"C:\Users\Admin\AppData\Local\Temp\Files\d4cye08a.exe"

C:\Users\Admin\AppData\Local\Temp\Files\NOTallowedtocrypt.exe

"C:\Users\Admin\AppData\Local\Temp\Files\NOTallowedtocrypt.exe"

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

\??\c:\program files (x86)\internet explorer\iexplore.exe

"c:\program files (x86)\internet explorer\iexplore.exe"

C:\Windows\SysWOW64\Files\Mswgoudnv.exe

"C:\Windows\System32\Files\Mswgoudnv.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Users\Admin\AppData\Local\Temp\Files\hhnjqu9y.exe

"C:\Users\Admin\AppData\Local\Temp\Files\hhnjqu9y.exe"

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

"C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3c8 0x440

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "tesst" /tr '"C:\Users\Admin\AppData\Roaming\tesst.exe"' & exit

C:\Windows\SysWOW64\Files\NOTallowedtocrypt.exe

"C:\Windows\System32\Files\NOTallowedtocrypt.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp93C4.tmp.bat""

C:\Users\Admin\AppData\Local\Temp\Files\stealc_default.exe

"C:\Users\Admin\AppData\Local\Temp\Files\stealc_default.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.funletters.net/readme.htm

C:\Users\Admin\AppData\Local\Temp\Files\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\Files\svchost.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x360,0x7ffa7432f208,0x7ffa7432f214,0x7ffa7432f220

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "tesst" /tr '"C:\Users\Admin\AppData\Roaming\tesst.exe"'

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1692,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=2548 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2440,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=2428 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1892,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=2584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3440,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1

C:\Windows\SysWOW64\timeout.exe

timeout 3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

\??\c:\program files (x86)\internet explorer\iexplore.exe

"c:\program files (x86)\internet explorer\iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

\??\c:\program files (x86)\internet explorer\iexplore.exe

"c:\program files (x86)\internet explorer\iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

\??\c:\program files (x86)\internet explorer\iexplore.exe

"c:\program files (x86)\internet explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

\??\c:\program files (x86)\internet explorer\iexplore.exe

"c:\program files (x86)\internet explorer\iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

\??\c:\program files (x86)\internet explorer\iexplore.exe

"c:\program files (x86)\internet explorer\iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

"C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4824,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5196,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5204,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5552,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5768,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=5776 /prefetch:1

C:\Users\Admin\AppData\Roaming\tesst.exe

"C:\Users\Admin\AppData\Roaming\tesst.exe"

C:\Users\Admin\AppData\Local\Temp\Files\2020.exe

"C:\Users\Admin\AppData\Local\Temp\Files\2020.exe"

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

\??\c:\program files (x86)\internet explorer\iexplore.exe

"c:\program files (x86)\internet explorer\iexplore.exe"

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

\??\c:\program files (x86)\internet explorer\iexplore.exe

"c:\program files (x86)\internet explorer\iexplore.exe"

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Users\Admin\AppData\Local\Temp\Files\2020.exe

"C:\Users\Admin\AppData\Local\Temp\Files\2020.exe"

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

\??\c:\program files (x86)\internet explorer\iexplore.exe

"c:\program files (x86)\internet explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

\??\c:\program files (x86)\internet explorer\iexplore.exe

"c:\program files (x86)\internet explorer\iexplore.exe"

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

\??\c:\program files (x86)\internet explorer\iexplore.exe

"c:\program files (x86)\internet explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

\??\c:\program files (x86)\internet explorer\iexplore.exe

"c:\program files (x86)\internet explorer\iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

"C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

\??\c:\program files (x86)\internet explorer\iexplore.exe

"c:\program files (x86)\internet explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 16892 -ip 16892

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 16892 -s 528

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 15684 -ip 15684

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 8308 -ip 8308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 3120 -ip 3120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 15568 -ip 15568

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 1464 -ip 1464

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 11736 -ip 11736

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 10336 -ip 10336

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 15936 -ip 15936

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 7360 -ip 7360

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 7512 -ip 7512

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 12984 -ip 12984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 9716 -ip 9716

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 15592 -ip 15592

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 16792 -s 1100

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 15592 -s 1092

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 10284 -ip 10284

C:\Users\Admin\AppData\Local\Temp\Files\installer_ver12.22.exe

"C:\Users\Admin\AppData\Local\Temp\Files\installer_ver12.22.exe"

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

"C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6700 -ip 6700

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 15536 -ip 15536

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 8912 -ip 8912

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe

"C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

\??\c:\program files (x86)\internet explorer\iexplore.exe

"c:\program files (x86)\internet explorer\iexplore.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 9296 -ip 9296

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 7664 -ip 7664

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 20196 -ip 20196

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9296 -s 524

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 408

Network


Files


memory/872-1167-0x0000000000F80000-0x00000000011C3000-memory.dmp

memory/872-1312-0x0000000000F80000-0x00000000011C3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\gs7DDC.tmp

MD5 e667dc95fc4777dfe2922456ccab51e8
SHA1 63677076ce04a2c46125b2b851a6754aa71de833
SHA256 2f15f2ccdc2f8e6e2f5a2969e97755590f0bea72f03d60a59af8f9dd0284d15f
SHA512 c559c48058db84b1fb0216a0b176d1ef774e47558f32e0219ef12f48e787dde1367074c235d855b20e5934553ba023dc3b18764b2a7bef11d72891d2ed9cadef

memory/5616-1305-0x00000000065F0000-0x0000000006B94000-memory.dmp

memory/5616-1181-0x0000000000FC0000-0x000000000183E000-memory.dmp

memory/4512-892-0x0000000074A7E000-0x0000000074A7F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Files\svchost.exe

MD5 35de149d3c81727ea4cce81a09f08581
SHA1 dfa61238834b2f689822ece4f3b9f3c04f46cd0a
SHA256 1803c1f48e626b2ec0e2620649d818ebf546bfe58dffddfbad224f20a8106ba0
SHA512 dc7986c5849b6aa21ce27f0dac697f2a9d069fcd3652f1a50d1d50ab06985b6ea436458cc63dd16d7030be75db7e20c84e62bd05062b06a5ec18e2fca2b50152

memory/6972-1600-0x0000000000010000-0x0000000000028000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp93C4.tmp.bat

MD5 93d96310b8372694fa68deb60fd5fcd5
SHA1 478e24a89d555b26cf0295c7a99e59459e714555
SHA256 9a16a0be6b9f6685e582ed3bf0d219a33556ace7beff81243aab967a1860ddee
SHA512 dd1ed07357867ddda05fd57b9fe300479e89576d7634b98346d144b4951a644f242bacbd7b2b59c1bf8083dc29ce79de8466694e16819b096b1ea4ea4868fcdd

memory/4176-1605-0x00000000059E0000-0x0000000005A2C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df2d1721cd4e4eff7049314710dc7c11
SHA1 f5aed0158b2c0a00302f743841188881d811637a
SHA256 ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93
SHA512 11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

C:\Users\Admin\AppData\Local\Temp\67y4htergf65trgewfd654tyrfg\time_20250414_144556.jpg

MD5 c7dc2dc18b78d46c3bab07b52db7b811
SHA1 0069e38f67b6a4e10f3a488b62f954205f40a633
SHA256 12a181202ef9d72be2105982c5b3e1da14062f712abb51e02f9fd26bebc9e1c0
SHA512 2a62417fe52011dc69d5f842142f7a74972eb8bbc7a5a7f84bebee880d0f0dace75ee03b53d6fae62243837abbc586291536d76f29cb359b4b29de762377d8a8

C:\ProgramData\67yrtg564tr6754yter\654ytrf654trf654ytgref.dat

MD5 d8cbb3f177bc49f4c811988c704ccf88
SHA1 4d29724a02df2a449d61b9bce0c30fa2cd3609a3
SHA256 ce417637a1b2a47272a3937313c585fe60e4adbdb7b5f96f43710f170b63dfb0
SHA512 7d7655dbbe5fdf76efc85274561a8cc7eb53d0e62951311e5e54f6e0d216ad5992dd127f5ea53c23db3d32780f8892880bb5cf87519cac4e21ed6b8e0535a262

memory/5616-1866-0x0000000000FC0000-0x000000000183E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Files\Client-built.exe

MD5 11563580013b8994395ff739dc37ed4a
SHA1 c527a22166dc153687ca33a8d964687459a6b669
SHA256 7f5817c430e3906dbf287f92d2f5b140272644d7b2e902d2a343cba51c5bc7e1
SHA512 4047470a756067ca4a4a038c080039945f37220fba7554ecad5d4912d4ea8611bd5efa5f72bbc7084ecfdbee3d63e8a163b675639572e2b9f21253f4c6e93e59

C:\Users\Admin\AppData\Local\Temp\Files\mzjfgebm.exe

MD5 4e982fcb4a026c2987735c1360b6d969
SHA1 8c265d26382004d0a1777b0981d5cd933935dfbb
SHA256 2cc45efd900411904734536e38a68bef73802abe048e2c54fd677c06c7b34b72
SHA512 245e6ec29fdaeef1b403917b83aa840a525d6853899f3ba5783694192045d1b71e456eb118b32abf5af10e7350555169999cf3e2fd5c87ef16cf8cc7e4684f82

C:\Users\Admin\AppData\Local\Temp\Files\whiteshadow.exe

MD5 8398fc4aa3a5a5ab6ae7ed394b449d0a
SHA1 820ce4bb8eb51e31effa41e6829e84089b728760
SHA256 f25fab3f64bad2cd989035dd854b761fe06b97e76291bd180991d21d91ea5c22
SHA512 a44ff33aa8b477ee8a2bae6a3ac93da85df9a5fdf906baaa54b2513396df94b304bc626159e4d95561097bd3d112826e4254069320fc95f3fc167d9350234c61

C:\Users\Admin\AppData\Local\Temp\Files\feb9sxwk.exe

MD5 d4e3a11d9468375f793c4c5c2504a374
SHA1 6dc95fc874fcadac1fc135fd521eddbdcb63b1c6
SHA256 0dc03de0ec34caca989f22de1ad61e7bd6bc1eabc6f993dbed2983f4cc33923d
SHA512 9d87f182f02daafad9b21f8a0f5a0eeedb277f60aa2d21bb8eb660945c153503db35821562f12b82a4e84cef848f1b1391c116ff30606cb495cf2e8ce4634217

memory/8876-4287-0x00000000000A0000-0x000000000017A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Files\WindowsUI.exe

MD5 616b51fce27e45ac6370a4eb0ac463f6
SHA1 be425b40b4da675e9ccf7eb6bc882cb7dcbed05b
SHA256 ba22a9f54751c8fd8b2cfd38cc632bb8b75d54593410468e6ec75bdc0a076ae6
SHA512 7df000e6d4fe7add4370d3ac009717ce9343c4c0c4dbe32ceb23dc5269418c26fd339f7cf37ede6cb96ebe7e3ff1a6090a524f74f64485ba27bd13c893a169b2

C:\Users\Admin\AppData\Local\Temp\Files\Final.exe

MD5 d5b8ac0d80c99e7dda0d9df17c159f3d
SHA1 ae1e0aeb3fbba55999b74047ee2b8bb4e45f108a
SHA256 c330322b774eb263b008178ff707e13b843fd7df62445cca3c52356509c26f78
SHA512 2637cc05aa402832dadbf48431f1add417b69a8351de2a5edae80283da7a6924166ea56bc85865dfa993d88f467d8f540528627e5cbe64cc67ec8d5a3d6655bc

C:\Users\Admin\AppData\Local\Temp\Files\webhook.exe

MD5 5765bde6d3062b30890598996b671db0
SHA1 5b36dcecd5e3ba131fc05973179bffbbec08291d
SHA256 ebc2dba491422a0c420cc22ffe91483fe4885ecfae57baa2ed207252d9afd5de
SHA512 b7522888759ab43921328457c213d77338abc28cb967c645c82f26295dbc498937bb2c52dd7bb9252693ab3b26e221d26ac516acd2e4eb6fee5bf7f9bb7e839f

C:\Users\Admin\AppData\Local\Temp\Files\robotic.exe

MD5 6b1bbe4e391cdfd775780d8502ccbc41
SHA1 a910f7ac9ed8fd57f7455f04e99bcd732bc8241a
SHA256 2999b0ecf157b9f37dcfa1cb4a0ffff73092c416499a356fdb1558d66985e9a3
SHA512 9ad2ca4cc8af0b6185be87d9026da5cdac2c52ff15b0fd2ba333ff3a25016e06a294d7cf5cf32b1869a1f5e3692f071f582ba2151ac16f9be738ea7862ab57d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

MD5 90664717e0d6385e2b60c25fd666bb4e
SHA1 86b4384196dd775c723732340d5c0e7f2dad70b1
SHA256 751db7b0aae134a31dad090a8c87945585f31445ee944e59a1915db27f258c85
SHA512 9679ae79b6d9523062f801703bf4d0732a21b1c0ab4369b6d242bcb530d1c1506c0c3a7ecafc9e03f5ba8a42c321a31de744f7c25dd6f0df0d16e86deb730aaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 481d0fda4685ad67336f3db7cbf51e3e
SHA1 d3aa2c2783e2ad5d9414f0461e33b3c517f149c4
SHA256 bb311a4b83a5cd00007a6d80676b8cd62996a82c6bd0c49afde70cb571bd3819
SHA512 072fb323e37fe335a3eb467bd0544865748acd486eeffd73843f533bb37dd232572a7f1c9f3d1ed05c1665d81eaad100ce9fbea1a36e44d5937a8f788f3172aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5814db.TMP

MD5 7dc104cbdead37688057bef26ed12fe8
SHA1 dbdef959a5e45545ba4564ffac879c8d45811cdc
SHA256 f7d190821b6229d6bbf2a1f8ca50157caa5a0a7e539dbbece1a16324240d1cdd
SHA512 afcd1b18dd80fd26d647d3c2f91d38ba9a0b86274dd3647d1344f46ea29b13735c27c162e4aa08aa56b857ba01058415b01d8969c7c90b192c8af6c9bff5de76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Temp\Files\02.08.2022.exe

MD5 41d0e0e338931efb7d8ff33804f99d0d
SHA1 618f80e08ca187bf5866d139e6569e70931912d8
SHA256 7c9ff41945cf9b4eb61dff6f1e6da787916fd8fa441ca281065e4cf786028dab
SHA512 84d3a39a7c0a162a02096085a261d224c0a54f6d9e1cc4235aa72b19e54d5ac35a8bb48bb0c4fc53cb2a9272ce371d618714d0381e08cce6bf3522f46ded40a4

C:\Users\Admin\AppData\Local\Temp\67y4htergf65trgewfd654tyrfg\time_20250414_144613.jpg

MD5 db45c7ee6cb294e35d61db1d1aeea8d1
SHA1 cb35f2da5f9b27563636732752265f3e875addea
SHA256 4af14a000d98941a25f2bf1319e1f9cf7368930ccb7a82afc9ea6edd93d85a05
SHA512 832372cfe6e62e060f5cc66a2b0734a3879227ccc25f9d13c5e024073ce529203cca5a4a5dd53adce46ddc49ae6b69ed0e34154295907b963564880570834b35

C:\Users\Admin\AppData\Local\Temp\Files\installer_ver12.22.exe

MD5 95ab25ad6ea4a2a18c08ba4dbe1a06d6
SHA1 dd01fe70a4703b961e58dbd584ac189a44a8ed2b
SHA256 bbe52d4f703bf7b392c7c96ac53b733bbd3db1b21fb533f896fb1330c6f91f24
SHA512 54efd12795e12808f67193e810208ef0ca6cd5415df5648758337c62e47723bcfd750fce5458afdbd2b409feb3bdb67316fab61619093938bf14a4af2bc335d1

C:\Users\Admin\AppData\Local\Temp\Files\setup.exe

MD5 835a2a0a948ed3464df9c5811d56a310
SHA1 561b79f5c0c4c88087557d28870a17cbae80a62d
SHA256 e26ededbe9b8f3d8d61d9d8f60ef652df642b51547d9ca2dee23f2cf3f67bebe
SHA512 edcb59d029a1cddfede46645996072dc18c2be900d9662e0c4fa995ce2fce42c85ec925ec444fb97abc7d7e1e32f3f4aec8a846f97744438a6588e9978daaa6a

C:\Users\Admin\AppData\Local\Temp\Files\scj7cm7v.exe

MD5 9a85b43f62ebde2feb56d9151cc71020
SHA1 d2b2f40f793e62b38e0c3ee9eae21df1a6dabbfe
SHA256 29cb81333a68014750ad292c9620b6242cb0cce51d2a9e8e64e6894e25bbcb54
SHA512 a380ff0385d9167e8eed0e5056b6806ef2c6f50a08c23572f023c92f33c1195f4b7f02e164ad9a505c439d6c5a7f33cbfab0ecd2e49de23584ef35c36ad32122

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

MD5 18174f53e4e1883d8d24f2072b2e73aa
SHA1 ecf3dd62adec9feee6d4084bd863b9b149287989
SHA256 d9074d4924668503412e7909f376d55c045e4720c0c2a9ec9ab7ab5f5cfccde5
SHA512 ba8e97962610613d1e42bb5b3e681d5bcd788f5cb0b43c722665ef4df1bf7083c9449f9f0e7e01683d7a360f776573e081b921eba06c8fc39affbf285b318b68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 9797387dc3517ec2ed31f3269298f8c5
SHA1 0afcd0f46670f213df73e61e6ad638332d0c3195
SHA256 9c6e238fb5ba4e1c4d15f3b26745bd5e1e3e1be23e9e0044defdd82b0741cbf5
SHA512 9b9dd1cf7a3afa29de3498d3147a38ddf4ed7a02c0ef8b78c9ae3f1e47630261b4b58f383d65d584fceb884e995d50289b46f39cf06c76f202891fef706faaf4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 48482929ca2e70b6b6b0cefc5b8ee28a
SHA1 16745d59f87b117ec6d57cd65c5110f022b1daff
SHA256 905ce4c1186f9d226bcd9ddcfe102c6f25980866e16e03e34fb84ddd23049b80
SHA512 83c4aeaadfc8d592a19054c883223472f5f487873e4057c8dd53c690c119787ae0dabb4065ffe81b2485952b2cb27c2d4f3314686843d03732d5019dbf5c63cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0cfe22aea80b747468416654e41ccd4e
SHA1 e24d623f7a2652aff0d4cd1ccbad285055583fe2
SHA256 1bcdec88ce0eb5541d95101ee3a8fb23a150c9f237ae0f43cc709a6faecfa3ca
SHA512 52cb04e7b775a35afaba8f979bd968cdff30c68eabcf1ced6450fa0c9f052680cb849c9a37373cef4eb1cdb7ecafe62e7ec91d883ad5f15f4db02e5f2ce6ee95

C:\ProgramData\67yrtg564tr6754yter\654ytrf654trf654ytgref.dat

MD5 b0a15398e99886dd58cb19bfc21a684c
SHA1 4e671f34a8326344f1f45861cec340ce12167e78
SHA256 b76c33f8a5bbbb86c7191892cf77b67d25dc38a8dd86c7f726728d526445c4d2
SHA512 6aa6152bd35ca945826f680c6e4e6460d82f7354d87ce65cd030f127a52873d95669b3d9b571ca9dacbaae75da87b04f10008fe3405c4aae65d3f65540431cf6

C:\Users\Admin\AppData\Local\Temp\Files\2020.exe

MD5 95606667ac40795394f910864b1f8cc4
SHA1 e7de36b5e85369d55a948bedb2391f8fae2da9cf
SHA256 6f2964216c81a6f67309680b7590dfd4df31a19c7fc73917fa8057b9a194b617
SHA512 fab43d361900a8d7f1a17c51455d4eedbbd3aec23d11cdb92ec1fb339fc018701320f18a2a6b63285aaafafea30fa614777d30cdf410ffd7698a48437760a142

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\7373ba36-f479-4190-b7d3-604dd3453be9.tmp

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Temp\67y4htergf65trgewfd654tyrfg\time_20250414_144559.jpg

MD5 54d82928086ed43c56083dfd7d19d5e5
SHA1 e5982c02fee0bfbdd18a3418520804ea9c665166
SHA256 d080355850e4f00847ad6f28d12338dd7f39f99e46a0ff73e9a1bb71d416ec12
SHA512 3f71fc65739808e8f05a2a1ae0c65d191f126e09240f9a3bbd075792b8b01c8d66524c02af72ee50bfd64f911b433f4897e5075717c1af6289a3351fcddf0a82

\??\pipe\crashpad_6628_SVKKXGZNBGPNLOSY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 16461011ba63c2fed608c8f27d4e74a7
SHA1 e372196c8c7ed1b2f770c1d267eb5db3f1301ed3
SHA256 71eb364f11a837ad4f348432257dc3db1cf54c3a16acba824e1dfd2ef0704938
SHA512 0e6d79ef0987d1d916664d09660dffed7ac833c9132c58405bdb5354d1db58a464810b6c736c1932a8143b6beade90a5f264efef6d2937b13f7e5a94957d3ace

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d1166bb96425ada08dd8c95fc7824be4
SHA1 e16e42d0ba5953da66b45a39f84338a225e97aef
SHA256 416dc9544b9e552d2a8fcda922395a4af518a86abc2751161d9f77a4be11dc51
SHA512 f9f05a448cf27ff3635c23882caf3f1dd00167b8972261eefa9a75b7355781eaba279aa73bf70ebcdf751e0ad87c6e57ec5ab792284d67c8fa603c0c63386e9a

memory/4176-1604-0x0000000005980000-0x00000000059D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\67y4htergf65trgewfd654tyrfg\time_20250414_144551.jpg

MD5 0fcadf46723926ae7420f2c56308a19d
SHA1 7810798586721a82d98c0be06484dd5b5cd9b901
SHA256 da289b6f1339860439a2395d5a84155128f24c48cfe90a8c695708f471cba843
SHA512 408e892a065a43889661f97679e19dd43ab968379f285f208040f2b9bbaa59e8c0f622a808234556a0e5c7d32367c2846fdc7c617fa810a2b3d7dc66085633d2

memory/4176-489-0x0000000005810000-0x00000000058E8000-memory.dmp

memory/4176-487-0x0000000005810000-0x00000000058E8000-memory.dmp

memory/4176-485-0x0000000005810000-0x00000000058E8000-memory.dmp

memory/4176-483-0x0000000005810000-0x00000000058E8000-memory.dmp

memory/4176-478-0x0000000005810000-0x00000000058E8000-memory.dmp

memory/5616-476-0x0000000000FC0000-0x000000000183E000-memory.dmp

memory/4176-481-0x0000000005810000-0x00000000058E8000-memory.dmp

memory/4176-479-0x0000000005810000-0x00000000058E8000-memory.dmp

memory/748-475-0x0000000000610000-0x0000000000611000-memory.dmp

memory/4176-471-0x0000000005810000-0x00000000058EE000-memory.dmp

memory/2392-469-0x0000000000990000-0x0000000000A10000-memory.dmp

memory/5140-467-0x00000000004B0000-0x0000000000530000-memory.dmp

memory/4176-465-0x0000000005560000-0x000000000563C000-memory.dmp

memory/4176-464-0x0000000000DC0000-0x0000000000EAE000-memory.dmp

memory/2392-452-0x0000000000990000-0x0000000000A10000-memory.dmp

memory/2968-447-0x0000000000900000-0x0000000000980000-memory.dmp

memory/2968-446-0x0000000000900000-0x0000000000980000-memory.dmp

memory/2392-458-0x0000000000990000-0x0000000000A10000-memory.dmp

memory/2392-453-0x0000000000990000-0x0000000000A10000-memory.dmp

memory/2968-441-0x0000000000900000-0x0000000000980000-memory.dmp

memory/2968-435-0x0000000000900000-0x0000000000980000-memory.dmp

memory/2968-434-0x0000000000900000-0x0000000000980000-memory.dmp

memory/2392-451-0x0000000000990000-0x0000000000A10000-memory.dmp