Analysis Overview
SHA256
12fce52d084a8c7efa638c88fa2307bca7c038a49fe566ebb05533cacf17efbd
Threat Level: Known bad
The file 4363463463464363463463463.zip.zip was found to be: Known bad.
Malicious Activity Summary
Stealc
Stealc family
Xworm family
Asyncrat family
AsyncRat
Xred family
Xworm
Quasar family
Detect Xworm Payload
Remcos family
Quasar RAT
Xred
Remcos
Quasar payload
Async RAT payload
Downloads MZ/PE file
Themida packer
Checks computer location settings
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Looks up external IP address via web service
Drops file in System32 directory
Detects Pyinstaller
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Program crash
Scheduled Task/Job: Scheduled Task
Modifies registry class
Modifies registry key
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-14 14:45
Signatures
Xred family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-14 14:45
Reported
2025-04-14 14:47
Platform
win10v2004-20250314-en
Max time kernel
2s
Max time network
77s
Command Line
Signatures
AsyncRat
Asyncrat family
Detect Xworm Payload
Quasar RAT
Quasar family
Quasar payload
Remcos
Remcos family
Stealc
Stealc family
Xred
Xred family
Xworm
Xworm family
Async RAT payload
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\._cache_4363463463464363463463463.exe | N/A |
| N/A | N/A | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\._cache_Synaptics.exe | N/A |
Themida packer
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\._cache_Synaptics.exe | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| File created | C:\Windows\SysWOW64\._cache_Synaptics.exe | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
Detects Pyinstaller
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | N/A | C:\Windows\system32\cmd.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\._cache_Synaptics.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\._cache_4363463463464363463463463.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe | N/A |
Modifies registry key
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\._cache_4363463463464363463463463.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
"C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe"
C:\Users\Admin\AppData\Local\Temp\._cache_4363463463464363463463463.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_4363463463464363463463463.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\Synaptics\Synaptics.exe
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
C:\ProgramData\Synaptics\Synaptics.exe
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
C:\Windows\SysWOW64\._cache_Synaptics.exe
"C:\Windows\system32\._cache_Synaptics.exe"
C:\Windows\SysWOW64\Files\ddosziller.exe
"C:\Windows\System32\Files\ddosziller.exe"
C:\Users\Admin\AppData\Local\Temp\Files\crypted.exe
"C:\Users\Admin\AppData\Local\Temp\Files\crypted.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\Files\hiya.exe
"C:\Windows\System32\Files\hiya.exe"
C:\Users\Admin\AppData\Local\Temp\Files\d4cye08a.exe
"C:\Users\Admin\AppData\Local\Temp\Files\d4cye08a.exe"
C:\Users\Admin\AppData\Local\Temp\Files\NOTallowedtocrypt.exe
"C:\Users\Admin\AppData\Local\Temp\Files\NOTallowedtocrypt.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Windows\SysWOW64\Files\Mswgoudnv.exe
"C:\Windows\System32\Files\Mswgoudnv.exe"
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Users\Admin\AppData\Local\Temp\Files\hhnjqu9y.exe
"C:\Users\Admin\AppData\Local\Temp\Files\hhnjqu9y.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
"C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c8 0x440
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "tesst" /tr '"C:\Users\Admin\AppData\Roaming\tesst.exe"' & exit
C:\Windows\SysWOW64\Files\NOTallowedtocrypt.exe
"C:\Windows\System32\Files\NOTallowedtocrypt.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp93C4.tmp.bat""
C:\Users\Admin\AppData\Local\Temp\Files\stealc_default.exe
"C:\Users\Admin\AppData\Local\Temp\Files\stealc_default.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.funletters.net/readme.htm
C:\Users\Admin\AppData\Local\Temp\Files\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\Files\svchost.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x360,0x7ffa7432f208,0x7ffa7432f214,0x7ffa7432f220
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "tesst" /tr '"C:\Users\Admin\AppData\Roaming\tesst.exe"'
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1692,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=2548 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2440,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=2428 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1892,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=2584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3440,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
C:\Windows\SysWOW64\timeout.exe
timeout 3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4824,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5196,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5204,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5552,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:8
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5768,i,17406970905158857367,11479452822064574037,262144 --variations-seed-version --mojo-platform-channel-handle=5776 /prefetch:1
C:\Users\Admin\AppData\Roaming\tesst.exe
"C:\Users\Admin\AppData\Roaming\tesst.exe"
C:\Users\Admin\AppData\Local\Temp\Files\2020.exe
"C:\Users\Admin\AppData\Local\Temp\Files\2020.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\AppData\Local\Temp\Files\2020.exe
"C:\Users\Admin\AppData\Local\Temp\Files\2020.exe"
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
"C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
"C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 16892 -ip 16892
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 16892 -s 528
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 15684 -ip 15684
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 8308 -ip 8308
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 3120 -ip 3120
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 15568 -ip 15568
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 1464 -ip 1464
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 11736 -ip 11736
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 10336 -ip 10336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 15936 -ip 15936
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 7360 -ip 7360
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 7512 -ip 7512
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 12984 -ip 12984
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 9716 -ip 9716
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 15592 -ip 15592
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 16792 -s 1100
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 15592 -s 1092
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 10284 -ip 10284
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Users\Admin\AppData\Local\Temp\Files\installer_ver12.22.exe
"C:\Users\Admin\AppData\Local\Temp\Files\installer_ver12.22.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
"C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6700 -ip 6700
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 15536 -ip 15536
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 8912 -ip 8912
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
"C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
"C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 9296 -ip 9296
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 7664 -ip 7664
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 20196 -ip 20196
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9296 -s 524
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 408
Network
Files
memory/5128-0-0x0000000002250000-0x0000000002251000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\._cache_4363463463464363463463463.exe
| MD5 | 2a94f3960c58c6e70826495f76d00b85 |
| SHA1 | e2a1a5641295f5ebf01a37ac1c170ac0814bb71a |
| SHA256 | 2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce |
| SHA512 | fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f |
C:\ProgramData\Synaptics\Synaptics.exe
| MD5 | 85e3d4ac5a6ef32fb93764c090ef32b7 |
| SHA1 | adedb0aab26d15cf96f66fda8b4cfbbdcc15ef52 |
| SHA256 | 4e5cc8cb98584335400d00f0a0803c3e0202761f3fbe50bcab3858a80df255e1 |
| SHA512 | a7a037bde41bcd425be18a712e27a793185f7fde638e139bbd9d253c371cd9622385eda39cf91ab715ead2591cff5b8c9f5b31d903f138d8af7bab6a9001ccab |
memory/5128-127-0x0000000000400000-0x00000000004C5000-memory.dmp
memory/748-129-0x0000000000610000-0x0000000000611000-memory.dmp
memory/4512-132-0x0000000074A7E000-0x0000000074A7F000-memory.dmp
memory/4512-133-0x0000000000070000-0x0000000000078000-memory.dmp
memory/4512-183-0x0000000004950000-0x00000000049EC000-memory.dmp
memory/5848-243-0x00007FFA5B130000-0x00007FFA5B140000-memory.dmp
memory/5848-244-0x00007FFA5B130000-0x00007FFA5B140000-memory.dmp
memory/5848-245-0x00007FFA5B130000-0x00007FFA5B140000-memory.dmp
memory/5848-248-0x00007FFA5B130000-0x00007FFA5B140000-memory.dmp
memory/5848-247-0x00007FFA5B130000-0x00007FFA5B140000-memory.dmp
memory/456-258-0x0000000000400000-0x00000000004C5000-memory.dmp
memory/5848-259-0x00007FFA58BA0000-0x00007FFA58BB0000-memory.dmp
memory/5848-261-0x00007FFA58BA0000-0x00007FFA58BB0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Files\crypted.exe
| MD5 | 4c4b53e5e75c14252ea3b8bf17a88f4b |
| SHA1 | 08c04b83d2c288346d77ec7bc824be8d7e34e40f |
| SHA256 | 799b9238ec23d902f6a9172e6df87f41faff3f639747f5f70478065a35a37598 |
| SHA512 | d6738721bcb0ec556a91effaf35c2795257dd0bbe6b038beb2d7843a2f490d66e75cc323dd154216350deee05b47aab6740efe12b869bac6bd299b9a2da699a6 |
C:\Windows\SysWOW64\Files\ddosziller.exe
| MD5 | fcd50c790fc613bb52c7cea78a90d7ba |
| SHA1 | 06197d1e57e63af0b898de2b8388c447e2c6cc71 |
| SHA256 | 1a626198cb756125b04335293477b64d6bf0b8c1a3c9dbee117afd247fa477d6 |
| SHA512 | 1e9c923d08fae0818ba190efa1f7199ded9a04687022832730107cc9f9383262da14555d06f366df2b73123182ad4c9033a7205efc75b9535e39b8e676aef86c |
C:\Users\Admin\AppData\Local\Temp\y7z3QnYA.xlsm
| MD5 | e566fc53051035e1e6fd0ed1823de0f9 |
| SHA1 | 00bc96c48b98676ecd67e81a6f1d7754e4156044 |
| SHA256 | 8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15 |
| SHA512 | a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04 |
memory/336-284-0x00000000004D0000-0x00000000004E2000-memory.dmp
memory/1844-285-0x0000000000A20000-0x0000000000A9A000-memory.dmp
memory/1844-286-0x00000000053E0000-0x00000000053E1000-memory.dmp
memory/1844-288-0x00000000053E0000-0x00000000053E1000-memory.dmp
memory/1052-291-0x0000000000400000-0x0000000000446000-memory.dmp
memory/1052-289-0x0000000000400000-0x0000000000446000-memory.dmp
memory/1052-287-0x0000000000400000-0x0000000000446000-memory.dmp
C:\Windows\SysWOW64\Files\hiya.exe
| MD5 | 7f0257538089cd55fecc03bb86a1efe4 |
| SHA1 | 50850beedb570d80971eaedba25c5ea9ba645feb |
| SHA256 | 0809c80c42e094b2695efbe1ca0532bc494b40c1fbd5967b05979c2077633e1f |
| SHA512 | 542e1f179976d4d8b370fd81e7633c6fdb33fe0b596e48170b31a04195f9809dc1a2268b6012f001dcd3ed62b068b8a34acc9a3450f1817206ffb1352447cebc |
C:\Users\Admin\AppData\Local\Temp\GS7D9C.tmp
| MD5 | 7d46ea623eba5073b7e3a2834fe58cc9 |
| SHA1 | 29ad585cdf812c92a7f07ab2e124a0d2721fe727 |
| SHA256 | 4ebf13835a117a2551d80352ca532f6596e6f2729e41b3de7015db558429dea5 |
| SHA512 | a1e5724d035debf31b1b1be45e3dc8432428b7893d2bfc8611571abbf3bcd9f08cb36f585671a8a2baa6bcf7f4b4fe39ba60417631897b4e4154561b396947ca |
C:\Users\Admin\AppData\Local\Temp\EE775E00
| MD5 | 7be55b0038ca71114838c56a4da26198 |
| SHA1 | 7be5a6ee059a9f1884c65d25643696c352565ff0 |
| SHA256 | 0604a6f49c4def45458a30fec41b210fcd906b2f54572350310932a454546a59 |
| SHA512 | afd440378daca43207514138e01728cc2d477d9c2a8513a09aebfaf32fe904cd8ea95aa0f8f9f0c0cc20f1330c1963823445eaa40eb783e49f9f8cf66161caca |
C:\Users\Admin\AppData\Local\Temp\Files\d4cye08a.exe
| MD5 | b96ad6b3be2efdf13980845fff84a3d7 |
| SHA1 | b3d8ed271431eab7c4c6a43a6a5556b5f7695aa9 |
| SHA256 | 4bf82d194408267b8b9d2b4da4c877442a8470fb8fa1d5ba9b149d2a0cdb0b85 |
| SHA512 | 30c2c3aabd8ea7ba03b7d1fa0530dd2556ec1381c796f5f2c76a27d99c755e1c99e0fda8bd7c3d4aa9bd932d78955e2e0460fc0c605b3eb811630447d5a7361e |
memory/4624-364-0x0000000000400000-0x0000000000CE8000-memory.dmp
memory/4624-374-0x0000000000400000-0x0000000000CE8000-memory.dmp
memory/4624-375-0x0000000000400000-0x0000000000CE8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Files\NOTallowedtocrypt.exe
| MD5 | 2b8f487213f3da1f42779e22d7b02d1a |
| SHA1 | 77c96429d6facbd1900290c9cbfed378103b8e01 |
| SHA256 | a4da37e92ca54c8851ad144fba875b61e2018f69bbe43b11926d8f8d831b56f0 |
| SHA512 | 2db88a30fdfc1e859edb7229b2073449b5d57640e484e21d78047fd674fc194c2c790995621b4d0ed7927ec06e8325c7333a1893227e50d38b2559fc267cc6bf |
memory/4624-383-0x0000000000400000-0x0000000000CE8000-memory.dmp
memory/4624-384-0x0000000000400000-0x0000000000CE8000-memory.dmp
memory/4624-382-0x0000000000400000-0x0000000000CE8000-memory.dmp
memory/4624-390-0x0000000000400000-0x0000000000CE8000-memory.dmp
C:\Windows\SysWOW64\Files\Mswgoudnv.exe
| MD5 | de64bb0f39113e48a8499d3401461cf8 |
| SHA1 | 8d78c2d4701e4596e87e3f09adde214a2a2033e8 |
| SHA256 | 64b58794801f282e92571676e3571afc5c59033c262406bf0d36e1d6ef3cda6a |
| SHA512 | 35b7cdcfb866dcdc79be34066a9ad5a8058b80e68925aeb23708606149841022de17e9d205389c13803c01e356174a2f657773df7d53f889e4e1fc1d68074179 |
memory/2392-459-0x0000000000990000-0x0000000000A10000-memory.dmp
memory/5140-466-0x00000000004B0000-0x0000000000530000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Files\hhnjqu9y.exe
| MD5 | b45668e08c03024f2432ff332c319131 |
| SHA1 | 4bef9109eaeace4107c47858eef2d9d3487e45f0 |
| SHA256 | 4b5a876b1c230b28c0862d5f8158b3657016709855bf3329d8fea6cada3adbfe |
| SHA512 | 538c8471fc0313e68885d4d09140ec3e3374af3464af626195b6387a67b9bae9c3c9fd369d9dc7965decc182d13e8bbf95b4cf96b5ffc78af5d7904d59325bbc |
memory/4176-493-0x0000000005810000-0x00000000058E8000-memory.dmp
memory/4176-491-0x0000000005810000-0x00000000058E8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Files\stealc_default.exe
| MD5 | e78239a5b0223499bed12a752b893cad |
| SHA1 | a429b46db791f433180ae4993ebb656d2f9393a4 |
| SHA256 | 80befdb25413d68adbadd8f236a2e8c71b261d8befc04c99749e778b07bcde89 |
| SHA512 | cee5d5d4d32e5575852a412f6b3e17f8c0cbafe97fd92c7024934234a23c240dcc1f7a0452e2e5da949dec09dcfeb006e73862c5bbc549a2ab1cfb0241eaddfc |
memory/872-1167-0x0000000000F80000-0x00000000011C3000-memory.dmp
memory/872-1312-0x0000000000F80000-0x00000000011C3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gs7DDC.tmp
| MD5 | e667dc95fc4777dfe2922456ccab51e8 |
| SHA1 | 63677076ce04a2c46125b2b851a6754aa71de833 |
| SHA256 | 2f15f2ccdc2f8e6e2f5a2969e97755590f0bea72f03d60a59af8f9dd0284d15f |
| SHA512 | c559c48058db84b1fb0216a0b176d1ef774e47558f32e0219ef12f48e787dde1367074c235d855b20e5934553ba023dc3b18764b2a7bef11d72891d2ed9cadef |
memory/5616-1305-0x00000000065F0000-0x0000000006B94000-memory.dmp
memory/5616-1181-0x0000000000FC0000-0x000000000183E000-memory.dmp
memory/4512-892-0x0000000074A7E000-0x0000000074A7F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Files\svchost.exe
| MD5 | 35de149d3c81727ea4cce81a09f08581 |
| SHA1 | dfa61238834b2f689822ece4f3b9f3c04f46cd0a |
| SHA256 | 1803c1f48e626b2ec0e2620649d818ebf546bfe58dffddfbad224f20a8106ba0 |
| SHA512 | dc7986c5849b6aa21ce27f0dac697f2a9d069fcd3652f1a50d1d50ab06985b6ea436458cc63dd16d7030be75db7e20c84e62bd05062b06a5ec18e2fca2b50152 |
memory/6972-1600-0x0000000000010000-0x0000000000028000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp93C4.tmp.bat
| MD5 | 93d96310b8372694fa68deb60fd5fcd5 |
| SHA1 | 478e24a89d555b26cf0295c7a99e59459e714555 |
| SHA256 | 9a16a0be6b9f6685e582ed3bf0d219a33556ace7beff81243aab967a1860ddee |
| SHA512 | dd1ed07357867ddda05fd57b9fe300479e89576d7634b98346d144b4951a644f242bacbd7b2b59c1bf8083dc29ce79de8466694e16819b096b1ea4ea4868fcdd |
memory/4176-1605-0x00000000059E0000-0x0000000005A2C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Temp\67y4htergf65trgewfd654tyrfg\time_20250414_144556.jpg
C:\ProgramData\67yrtg564tr6754yter\654ytrf654trf654ytgref.dat
C:\Users\Admin\AppData\Local\Temp\Files\Client-built.exe
C:\Users\Admin\AppData\Local\Temp\Files\mzjfgebm.exe
C:\Users\Admin\AppData\Local\Temp\Files\whiteshadow.exe
C:\Users\Admin\AppData\Local\Temp\Files\feb9sxwk.exe
C:\Users\Admin\AppData\Local\Temp\Files\WindowsUI.exe
C:\Users\Admin\AppData\Local\Temp\Files\Final.exe
C:\Users\Admin\AppData\Local\Temp\Files\webhook.exe
C:\Users\Admin\AppData\Local\Temp\Files\robotic.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5814db.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1
C:\Users\Admin\AppData\Local\Temp\Files\02.08.2022.exe
C:\Users\Admin\AppData\Local\Temp\67y4htergf65trgewfd654tyrfg\time_20250414_144613.jpg
C:\Users\Admin\AppData\Local\Temp\Files\installer_ver12.22.exe
C:\Users\Admin\AppData\Local\Temp\Files\setup.exe
C:\Users\Admin\AppData\Local\Temp\Files\scj7cm7v.exe
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\ProgramData\67yrtg564tr6754yter\654ytrf654trf654ytgref.dat
C:\Users\Admin\AppData\Local\Temp\Files\2020.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\7373ba36-f479-4190-b7d3-604dd3453be9.tmp
C:\Users\Admin\AppData\Local\Temp\67y4htergf65trgewfd654tyrfg\time_20250414_144559.jpg
\??\pipe\crashpad_6628_SVKKXGZNBGPNLOSY
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Temp\67y4htergf65trgewfd654tyrfg\time_20250414_144551.jpg