Analysis
-
max time kernel
27s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
29/03/2025, 18:16
General
-
Target
JaffaCakes118_90c1d920f8f1539dd7b4c70bd3a8cc5c.exe
-
Size
560KB
-
MD5
90c1d920f8f1539dd7b4c70bd3a8cc5c
-
SHA1
a978fc09bab91af1cafa95e6471e657074d25923
-
SHA256
717c2978702de3a7f235ab5c1de7bcb7a2519ec1bdf366a9e13c46f12485fd5d
-
SHA512
f60acf5520ac1212404b24d7c959e71b655d73b885769d0634181340ce536b948669768558acc683843e494d05c1a0deead356816d3c50cb3ab17942d4c527f2
-
SSDEEP
12288:IpUJ3r6YkVwJgNnSykgb9cqWnw4q6ZmFhqsYn0uPTF:IpUNr6YkVRFkgbeqeo68Fhqd1bF
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 11 IoCs
-
Pykspa
Pykspa is a worm spreads via Skype uses DGA and it's written in C++.
-
Pykspa family
-
UAC bypass 3 TTPs 20 IoCs
-
Detect Pykspa worm 2 IoCs
-
Adds policy Run key to start application 2 TTPs 40 IoCs
-
Disables RegEdit via registry modification 6 IoCs
-
Checks computer location settings 2 TTPs 55 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 64 IoCs
-
Impair Defenses: Safe Mode Boot 1 TTPs 6 IoCs
-
Adds Run key to start application 2 TTPs 64 IoCs
-
Checks whether UAC is enabled 1 TTPs 22 IoCs
-
Hijack Execution Flow: Executable Installer File Permissions Weakness 1 TTPs 3 IoCs
Possible Turn off User Account Control's privilege elevation for standard users.
-
Looks up external IP address via web service 6 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 4 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 63 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 54 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 52 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_90c1d920f8f1539dd7b4c70bd3a8cc5c.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_90c1d920f8f1539dd7b4c70bd3a8cc5c.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_90c1d920f8f1539dd7b4c70bd3a8cc5c.exe*"2⤵
- Modifies WinLogon for persistence
- UAC bypass
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Hijack Execution Flow: Executable Installer File Permissions Weakness
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\npudjl.exe"C:\Users\Admin\AppData\Local\Temp\npudjl.exe" "-C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe"3⤵
- Modifies WinLogon for persistence
- UAC bypass
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Adds Run key to start application
- Checks whether UAC is enabled
- Hijack Execution Flow: Executable Installer File Permissions Weakness
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\npudjl.exe"C:\Users\Admin\AppData\Local\Temp\npudjl.exe" "-C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe"3⤵
- Modifies WinLogon for persistence
- UAC bypass
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Hijack Execution Flow: Executable Installer File Permissions Weakness
- Drops file in System32 directory
- Drops file in Windows directory
- System policy modification
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe .1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ndwtndazqhhbovwyvhjz.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\aphdwlhfvlkdpvvwsde.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
- Modifies WinLogon for persistence
- UAC bypass
- Adds policy Run key to start application
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Drops file in Windows directory
- System policy modification
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe .1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\aphdwlhfvlkdpvvwsde.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe .1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\aphdwlhfvlkdpvvwsde.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\aphdwlhfvlkdpvvwsde.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\aphdwlhfvlkdpvvwsde.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\aphdwlhfvlkdpvvwsde.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\gtjduhbxlzwnxbzys.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
- Modifies WinLogon for persistence
- UAC bypass
- Adds policy Run key to start application
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Drops file in Windows directory
- System policy modification
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe .1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\pduphvqncrphsxwwrb.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe .1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\pduphvqncrphsxwwrb.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ndwtndazqhhbovwyvhjz.exe*."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
- Modifies WinLogon for persistence
- UAC bypass
- Adds policy Run key to start application
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Drops file in Windows directory
- System policy modification
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe .1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
- Modifies WinLogon for persistence
- UAC bypass
- Adds policy Run key to start application
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Drops file in Windows directory
- System policy modification
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
- Modifies WinLogon for persistence
- UAC bypass
- Adds policy Run key to start application
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Drops file in Windows directory
- System policy modification
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
- Modifies WinLogon for persistence
- UAC bypass
- Adds policy Run key to start application
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Drops file in Windows directory
- System policy modification
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\zlatjvojwjfvehec.exe*."3⤵
- Modifies WinLogon for persistence
- UAC bypass
- Adds policy Run key to start application
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Drops file in Windows directory
- System policy modification
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
- Modifies WinLogon for persistence
- UAC bypass
- Adds policy Run key to start application
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Drops file in Windows directory
- System policy modification
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe .1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe .1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe .1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe .1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.11⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe .1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe .1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe .1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\zlatjvojwjfvehec.exe*."3⤵
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe"C:\Users\Admin\AppData\Local\Temp\zflpwgp.exe" "-C:\Users\Admin\AppData\Local\Temp\yncpfyqivhfvehec.exe"4⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zrjzsojeujkdpvvwsdd.exe1⤵
-
C:\Windows\zrjzsojeujkdpvvwsdd.exezrjzsojeujkdpvvwsdd.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c bvphcaxumdgbpxzcanpjd.exe .1⤵
-
C:\Windows\bvphcaxumdgbpxzcanpjd.exebvphcaxumdgbpxzcanpjd.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\bvphcaxumdgbpxzcanpjd.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zrjzsojeujkdpvvwsdd.exe1⤵
-
C:\Windows\zrjzsojeujkdpvvwsdd.exezrjzsojeujkdpvvwsdd.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c bvphcaxumdgbpxzcanpjd.exe .1⤵
-
C:\Windows\bvphcaxumdgbpxzcanpjd.exebvphcaxumdgbpxzcanpjd.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\bvphcaxumdgbpxzcanpjd.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fvlzqkdwkxwnxbzys.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\fvlzqkdwkxwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\fvlzqkdwkxwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofwldysmbpphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ofwldysmbpphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\ofwldysmbpphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ofwldysmbpphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofwldysmbpphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ofwldysmbpphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\ofwldysmbpphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrjzsojeujkdpvvwsdd.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\zrjzsojeujkdpvvwsdd.exeC:\Users\Admin\AppData\Local\Temp\zrjzsojeujkdpvvwsdd.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\zrjzsojeujkdpvvwsdd.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zrjzsojeujkdpvvwsdd.exe1⤵
-
C:\Windows\zrjzsojeujkdpvvwsdd.exezrjzsojeujkdpvvwsdd.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c fvlzqkdwkxwnxbzys.exe .1⤵
-
C:\Windows\fvlzqkdwkxwnxbzys.exefvlzqkdwkxwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\fvlzqkdwkxwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ofwldysmbpphsxwwrb.exe1⤵
-
C:\Windows\ofwldysmbpphsxwwrb.exeofwldysmbpphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c fvlzqkdwkxwnxbzys.exe .1⤵
-
C:\Windows\fvlzqkdwkxwnxbzys.exefvlzqkdwkxwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\fvlzqkdwkxwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfypjgcypfhbovwyvhib.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\mfypjgcypfhbovwyvhib.exeC:\Users\Admin\AppData\Local\Temp\mfypjgcypfhbovwyvhib.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfypjgcypfhbovwyvhib.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\mfypjgcypfhbovwyvhib.exeC:\Users\Admin\AppData\Local\Temp\mfypjgcypfhbovwyvhib.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\mfypjgcypfhbovwyvhib.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofwldysmbpphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ofwldysmbpphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\ofwldysmbpphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvphcaxumdgbpxzcanpjd.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\bvphcaxumdgbpxzcanpjd.exeC:\Users\Admin\AppData\Local\Temp\bvphcaxumdgbpxzcanpjd.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\bvphcaxumdgbpxzcanpjd.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe .1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe .1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe .1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\pduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe1⤵
-
C:\Windows\zlatjvojwjfvehec.exezlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pduphvqncrphsxwwrb.exe .1⤵
-
C:\Windows\pduphvqncrphsxwwrb.exepduphvqncrphsxwwrb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\pduphvqncrphsxwwrb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exeC:\Users\Admin\AppData\Local\Temp\aphdwlhfvlkdpvvwsde.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exeC:\Users\Admin\AppData\Local\Temp\ndwtndazqhhbovwyvhjz.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\gtjduhbxlzwnxbzys.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exeC:\Users\Admin\AppData\Local\Temp\ctnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zrjzsojeujkdpvvwsdd.exe1⤵
-
C:\Windows\zrjzsojeujkdpvvwsdd.exezrjzsojeujkdpvvwsdd.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c mfypjgcypfhbovwyvhib.exe .1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\mfypjgcypfhbovwyvhib.exemfypjgcypfhbovwyvhib.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\mfypjgcypfhbovwyvhib.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zrjzsojeujkdpvvwsdd.exe1⤵
-
C:\Windows\zrjzsojeujkdpvvwsdd.exezrjzsojeujkdpvvwsdd.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c yncpfyqivhfvehec.exe .1⤵
-
C:\Windows\yncpfyqivhfvehec.exeyncpfyqivhfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\yncpfyqivhfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofwldysmbpphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ofwldysmbpphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\ofwldysmbpphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvphcaxumdgbpxzcanpjd.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\bvphcaxumdgbpxzcanpjd.exeC:\Users\Admin\AppData\Local\Temp\bvphcaxumdgbpxzcanpjd.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\bvphcaxumdgbpxzcanpjd.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe .1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ctnlgxvvnfgbpxzcanqhb.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofwldysmbpphsxwwrb.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\ofwldysmbpphsxwwrb.exeC:\Users\Admin\AppData\Local\Temp\ofwldysmbpphsxwwrb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfypjgcypfhbovwyvhib.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\mfypjgcypfhbovwyvhib.exeC:\Users\Admin\AppData\Local\Temp\mfypjgcypfhbovwyvhib.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\mfypjgcypfhbovwyvhib.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ndwtndazqhhbovwyvhjz.exe .1⤵
-
C:\Windows\ndwtndazqhhbovwyvhjz.exendwtndazqhhbovwyvhjz.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\ndwtndazqhhbovwyvhjz.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exeC:\Users\Admin\AppData\Local\Temp\gtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .1⤵
-
C:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exeC:\Users\Admin\AppData\Local\Temp\zlatjvojwjfvehec.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\users\admin\appdata\local\temp\zlatjvojwjfvehec.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Windows\aphdwlhfvlkdpvvwsde.exeaphdwlhfvlkdpvvwsde.exe .2⤵
-
C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe"C:\Users\Admin\AppData\Local\Temp\whljbuilgrv.exe" "c:\windows\aphdwlhfvlkdpvvwsde.exe*."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ctnlgxvvnfgbpxzcanqhb.exe1⤵
-
C:\Windows\ctnlgxvvnfgbpxzcanqhb.exectnlgxvvnfgbpxzcanqhb.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe .1⤵
-
C:\Windows\gtjduhbxlzwnxbzys.exegtjduhbxlzwnxbzys.exe .2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c gtjduhbxlzwnxbzys.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c aphdwlhfvlkdpvvwsde.exe .1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c zlatjvojwjfvehec.exe1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Hijack Execution Flow
1Executable Installer File Permissions Weakness
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Hijack Execution Flow
1Executable Installer File Permissions Weakness
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hijack Execution Flow
1Executable Installer File Permissions Weakness
1Impair Defenses
2Disable or Modify Tools
1Safe Mode Boot
1Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD567976add2fde4dcb01b382df95c66ae2
SHA10808151dbef4f396d49cab4aefa8b2bafe86c4dd
SHA25690ed10f055f8f50c85d85d822e24678caa71b27408ae7f647dbb4373b9e934ca
SHA51278fb681b56e18a29631852f6398b42da7c169c57571de57af8bdf30c0928e86fd6f425f53cd6278cb7f42ffbe6006a889959d42bdf45b10b343adbbdfe4ce445
-
Filesize
280B
MD5cc1108bfc550bbeff80dbf4b213bade2
SHA1e40a8ddf267bd6c1bf2a9c277f380baf629bdb98
SHA256887d405669cef35822d3cf52e5dbdc69d5298fbbe673b14201a38c33583f9d16
SHA51299d00dcd457d25b7b706eee9a31b89cf132cfee186f3eae3c1ce69ffc65df2133f3658c6ea2fc397f8323c09bedb5212f42d30eae8df3d42976dea7d37f90405
-
Filesize
280B
MD5d6c741f23979de6e6c1e1e723943185c
SHA1daec54e15b05779d50c0559e1a685288f037faca
SHA256435cb00a49b350f2afc362fe0078c1da3a32b719544a60a6dedbab1f8e722a8c
SHA51226739ffa5fe87971c8471093ae4a30c09536e6e034680c55dee90e8df926aabaa1d65d53d7eccf8bb1bda11250b6983f4980a0a2ca53f796b2f1fc490200b9fa
-
Filesize
280B
MD59a4c2337358aba304dc931ddac44a57a
SHA1fc371fad4a49444b48d2ab3baf65ff9e6d867ab6
SHA256626a645e64b9f1502b365dc2296311bfae9ec112dbba34eaa7c87ec1d4ad3ced
SHA5127c626df0a97ecf624c2aa1a700b4fc1bcd07d037a48ea2d905de5a3cd408ab1f4e43e834571e376c3179b7872fe9277d596c1461e9cb2061812a6a3b6f777c2f
-
Filesize
280B
MD51461498b6ddf18bb57205c7dd28656ff
SHA166f9a7c652713213a7fc3df235f9ed6110785596
SHA2567d395119ae215f476daaac65cfbdbaaf828d5d21dd88440f529975023ba25220
SHA512d01ee52294182efbf8eb2c769a77b739bcf9724a7711b25a53cdecdd2dfd7ba6cfc0c9ed3ed7168769fbbc5ea118f7f530c04a45e31f3d10a1e92f382ff7a31c
-
Filesize
280B
MD5ce4fdf3b637aef4cd5d64a5f0ec0a049
SHA126aaaf7feabce70cb1cddfb99be5a5ec97ed3d0b
SHA2564f7b16011ca8bf924d574b9b0420789cf889b16eeac51d5e41947f5a0e7989f1
SHA5128b2743b182aa26a5830d981379648a52d2ddf0a90b3b51f3b39cc9ad469b5d887482cd4b130a23e03290362975b68952aa8e9ada2ee0b4fadfc537240dee1552
-
Filesize
720KB
MD5315528529170e69a9c60704478166223
SHA1bfd57d85a405e095c6f27b5d689664e4d09138b6
SHA256a9690557b9ecb908bbaaafa029e5b3f244e18e703edf8a5b73de47d4f2d34c28
SHA51248ac8709269c80d4a8b82cf7e88931393a10438a8fc5d3da562b1ef5ce3830088f7e8faa0a690f318dfce4e43447332ecfd0089759493032d1f150b7b463b22c
-
Filesize
320KB
MD5e2466187bea338b124aba93b65bb9eff
SHA1a914bc0ae32e484f8dfe19ec44be2fb00b3f22cb
SHA256cc7cf910e7a5c8fe8a9de8ac8497f7697d5dfa2ccf30de4b41cce403cb9132eb
SHA512c15cdbc13ad29188a671c909a25e2ae29b237c0509b810e478de99c787b497a9557734cd12f8681d79fcc617c40f3dd4efa70a2c0704820e512027754b4b704f
-
Filesize
280B
MD5dfda4d56444ee725cc9a4690373b46fd
SHA1f74bbc131e8e2fb4ceb276e551322b770d5c7afb
SHA2562c96f6a9cc9f1e47f07d9e44e28fbc06daac77c1bbf1b404a1ef7fe37075d101
SHA51273887a65e7272cb74680af4b72868842fca251b3ffc4396a86fe00c983dbea44efbbfcc2997e9b0d4974f7d43e304009f320fe2eab072f125e03f6127fdb66ab
-
Filesize
4KB
MD5a0e5e286ddb3bda621fd67694f9bb122
SHA1793ced4b3d98aaf1fae809787e92c23808ada921
SHA256c8e6ca7cb08f168032e7668b547124b51c7f52801caeb72a53a75627fd66451b
SHA51265e5262040f66e371a3f2d19ca329a0f7b4b4e1a615f0f993c9db3a6fd8af8fafb334207909fb2f72a2805187fca3c1aa52b548e8e2c309ec798ec2d3c3e0157
-
Filesize
560KB
MD590c1d920f8f1539dd7b4c70bd3a8cc5c
SHA1a978fc09bab91af1cafa95e6471e657074d25923
SHA256717c2978702de3a7f235ab5c1de7bcb7a2519ec1bdf366a9e13c46f12485fd5d
SHA512f60acf5520ac1212404b24d7c959e71b655d73b885769d0634181340ce536b948669768558acc683843e494d05c1a0deead356816d3c50cb3ab17942d4c527f2