Analysis Overview
SHA256
99be2fccaa08c521f7eb1828d6b1620a439a9b9a9945b5dfe617a1bf07f9ef75
Threat Level: Known bad
The file JaffaCakes118_b248fe8b370f8fcb43c669473faf2b6e was found to be: Known bad.
Malicious Activity Summary
Pykspa family
Pykspa
UAC bypass
Modifies WinLogon for persistence
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Impair Defenses: Safe Mode Boot
Executes dropped EXE
Checks computer location settings
Looks up external IP address via web service
Adds Run key to start application
Checks whether UAC is enabled
Hijack Execution Flow: Executable Installer File Permissions Weakness
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
System policy modification
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-12 12:44
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-12 12:44
Reported
2025-04-12 12:47
Platform
win10v2004-20250410-en
Max time kernel
34s
Max time network
130s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whswiudrxn = "kfaokgzxnnchufhkhmhc.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whswiudrxn = "zvrgdautklbhvhkomsokz.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xfnoxgm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvrgdautklbhvhkomsokz.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xfnoxgm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvrgdautklbhvhkomsokz.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xfnoxgm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kfaokgzxnnchufhkhmhc.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whswiudrxn = "mfykeyplzxknyhhidg.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whswiudrxn = "wneogynhtpabkrpo.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xfnoxgm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wneogynhtpabkrpo.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xfnoxgm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvnyrkavifrtdlkke.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whswiudrxn = "zvrgdautklbhvhkomsokz.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xfnoxgm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrlytogdsrfjvfgieic.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xfnoxgm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wneogynhtpabkrpo.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xfnoxgm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrlytogdsrfjvfgieic.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whswiudrxn = "dvnyrkavifrtdlkke.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whswiudrxn = "xrlytogdsrfjvfgieic.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xfnoxgm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kfaokgzxnnchufhkhmhc.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\zvrgdautklbhvhkomsokz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\dvnyrkavifrtdlkke.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\wneogynhtpabkrpo.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\kfaokgzxnnchufhkhmhc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\xrlytogdsrfjvfgieic.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b248fe8b370f8fcb43c669473faf2b6e.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\mfykeyplzxknyhhidg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dnxalwerw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvrgdautklbhvhkomsokz.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dnxalwerw = "dvnyrkavifrtdlkke.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rdpuhuetarx = "kfaokgzxnnchufhkhmhc.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rdpuhuetarx = "mfykeyplzxknyhhidg.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mvegqaht = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvrgdautklbhvhkomsokz.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dnxalwerw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvnyrkavifrtdlkke.exe ." | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\obouiwhxfxeb = "zvrgdautklbhvhkomsokz.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\obouiwhxfxeb = "dvnyrkavifrtdlkke.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mvegqaht = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kfaokgzxnnchufhkhmhc.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nbpwlamdmfnlr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wneogynhtpabkrpo.exe ." | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mvegqaht = "wneogynhtpabkrpo.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\obouiwhxfxeb = "mfykeyplzxknyhhidg.exe ." | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\obouiwhxfxeb = "xrlytogdsrfjvfgieic.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odsaqgtlvpyxej = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wneogynhtpabkrpo.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nbpwlamdmfnlr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kfaokgzxnnchufhkhmhc.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odsaqgtlvpyxej = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kfaokgzxnnchufhkhmhc.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dnxalwerw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrlytogdsrfjvfgieic.exe ." | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dnxalwerw = "xrlytogdsrfjvfgieic.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rdpuhuetarx = "dvnyrkavifrtdlkke.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\obouiwhxfxeb = "mfykeyplzxknyhhidg.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rdpuhuetarx = "xrlytogdsrfjvfgieic.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odsaqgtlvpyxej = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrlytogdsrfjvfgieic.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odsaqgtlvpyxej = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mfykeyplzxknyhhidg.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dnxalwerw = "wneogynhtpabkrpo.exe ." | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mvegqaht = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mfykeyplzxknyhhidg.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\obouiwhxfxeb = "kfaokgzxnnchufhkhmhc.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mvegqaht = "xrlytogdsrfjvfgieic.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nbpwlamdmfnlr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrlytogdsrfjvfgieic.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mvegqaht = "wneogynhtpabkrpo.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nbpwlamdmfnlr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvrgdautklbhvhkomsokz.exe ." | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rdpuhuetarx = "wneogynhtpabkrpo.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mvegqaht = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvrgdautklbhvhkomsokz.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dnxalwerw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvrgdautklbhvhkomsokz.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dnxalwerw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrlytogdsrfjvfgieic.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\obouiwhxfxeb = "kfaokgzxnnchufhkhmhc.exe ." | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dnxalwerw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvrgdautklbhvhkomsokz.exe ." | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mvegqaht = "dvnyrkavifrtdlkke.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dnxalwerw = "mfykeyplzxknyhhidg.exe ." | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dnxalwerw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvnyrkavifrtdlkke.exe ." | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odsaqgtlvpyxej = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mfykeyplzxknyhhidg.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dnxalwerw = "dvnyrkavifrtdlkke.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mvegqaht = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvnyrkavifrtdlkke.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odsaqgtlvpyxej = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvnyrkavifrtdlkke.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mvegqaht = "mfykeyplzxknyhhidg.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rdpuhuetarx = "zvrgdautklbhvhkomsokz.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mvegqaht = "dvnyrkavifrtdlkke.exe" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nbpwlamdmfnlr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvnyrkavifrtdlkke.exe ." | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\bbbuvwuxsxrbtjqyakkkd.fdg | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xrlytogdsrfjvfgieic.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfykeyplzxknyhhidg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kfaokgzxnnchufhkhmhc.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qnkaywrrjlcjylputaxuki.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kfaokgzxnnchufhkhmhc.exe | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wneogynhtpabkrpo.exe | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zvrgdautklbhvhkomsokz.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dvnyrkavifrtdlkke.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\whswiudrxnsnqrjcpkvgkwirflbgbefx.dyj | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wneogynhtpabkrpo.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File created | C:\Windows\SysWOW64\whswiudrxnsnqrjcpkvgkwirflbgbefx.dyj | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfykeyplzxknyhhidg.exe | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xrlytogdsrfjvfgieic.exe | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bbbuvwuxsxrbtjqyakkkd.fdg | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dvnyrkavifrtdlkke.exe | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zvrgdautklbhvhkomsokz.exe | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\bbbuvwuxsxrbtjqyakkkd.fdg | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File created | C:\Program Files (x86)\bbbuvwuxsxrbtjqyakkkd.fdg | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Program Files (x86)\whswiudrxnsnqrjcpkvgkwirflbgbefx.dyj | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File created | C:\Program Files (x86)\whswiudrxnsnqrjcpkvgkwirflbgbefx.dyj | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\dvnyrkavifrtdlkke.exe | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\mfykeyplzxknyhhidg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\qnkaywrrjlcjylputaxuki.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\kfaokgzxnnchufhkhmhc.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\dvnyrkavifrtdlkke.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\xrlytogdsrfjvfgieic.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\bbbuvwuxsxrbtjqyakkkd.fdg | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\zvrgdautklbhvhkomsokz.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\xrlytogdsrfjvfgieic.exe | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\wneogynhtpabkrpo.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\zvrgdautklbhvhkomsokz.exe | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File created | C:\Windows\bbbuvwuxsxrbtjqyakkkd.fdg | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\qnkaywrrjlcjylputaxuki.exe | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\wneogynhtpabkrpo.exe | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\kfaokgzxnnchufhkhmhc.exe | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\whswiudrxnsnqrjcpkvgkwirflbgbefx.dyj | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File created | C:\Windows\whswiudrxnsnqrjcpkvgkwirflbgbefx.dyj | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| File opened for modification | C:\Windows\mfykeyplzxknyhhidg.exe | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b248fe8b370f8fcb43c669473faf2b6e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kfaokgzxnnchufhkhmhc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xrlytogdsrfjvfgieic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zvrgdautklbhvhkomsokz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dvnyrkavifrtdlkke.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wneogynhtpabkrpo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mfykeyplzxknyhhidg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\xfnoxgm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
Processes
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\mfykeyplzxknyhhidg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\wneogynhtpabkrpo.exe*."
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\dvnyrkavifrtdlkke.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\mfykeyplzxknyhhidg.exe*."
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\mfykeyplzxknyhhidg.exe*."
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe .
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\dvnyrkavifrtdlkke.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\wneogynhtpabkrpo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\dvnyrkavifrtdlkke.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe .
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\xrlytogdsrfjvfgieic.exe*."
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\xrlytogdsrfjvfgieic.exe*."
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvnyrkavifrtdlkke.exe
C:\Windows\dvnyrkavifrtdlkke.exe
dvnyrkavifrtdlkke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvnyrkavifrtdlkke.exe .
C:\Windows\dvnyrkavifrtdlkke.exe
dvnyrkavifrtdlkke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kfaokgzxnnchufhkhmhc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\dvnyrkavifrtdlkke.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe .
C:\Windows\kfaokgzxnnchufhkhmhc.exe
kfaokgzxnnchufhkhmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zvrgdautklbhvhkomsokz.exe*."
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\xrlytogdsrfjvfgieic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\kfaokgzxnnchufhkhmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mfykeyplzxknyhhidg.exe
C:\Windows\mfykeyplzxknyhhidg.exe
mfykeyplzxknyhhidg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvnyrkavifrtdlkke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe
C:\Windows\dvnyrkavifrtdlkke.exe
dvnyrkavifrtdlkke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe .
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\dvnyrkavifrtdlkke.exe*."
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe .
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\mfykeyplzxknyhhidg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvnyrkavifrtdlkke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe .
C:\Windows\dvnyrkavifrtdlkke.exe
dvnyrkavifrtdlkke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe .
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\wneogynhtpabkrpo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\xrlytogdsrfjvfgieic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\kfaokgzxnnchufhkhmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\xrlytogdsrfjvfgieic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kfaokgzxnnchufhkhmhc.exe
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvnyrkavifrtdlkke.exe .
C:\Windows\kfaokgzxnnchufhkhmhc.exe
kfaokgzxnnchufhkhmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\xrlytogdsrfjvfgieic.exe*."
C:\Windows\dvnyrkavifrtdlkke.exe
dvnyrkavifrtdlkke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\dvnyrkavifrtdlkke.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\kfaokgzxnnchufhkhmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mfykeyplzxknyhhidg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe .
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\dvnyrkavifrtdlkke.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvnyrkavifrtdlkke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mfykeyplzxknyhhidg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\wneogynhtpabkrpo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvnyrkavifrtdlkke.exe
C:\Windows\dvnyrkavifrtdlkke.exe
dvnyrkavifrtdlkke.exe .
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\wneogynhtpabkrpo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Windows\kfaokgzxnnchufhkhmhc.exe
kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\dvnyrkavifrtdlkke.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\dvnyrkavifrtdlkke.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\xrlytogdsrfjvfgieic.exe*."
C:\Windows\dvnyrkavifrtdlkke.exe
dvnyrkavifrtdlkke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\xrlytogdsrfjvfgieic.exe*."
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Windows\kfaokgzxnnchufhkhmhc.exe
kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\kfaokgzxnnchufhkhmhc.exe*."
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\kfaokgzxnnchufhkhmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\mfykeyplzxknyhhidg.exe
mfykeyplzxknyhhidg.exe .
C:\Windows\mfykeyplzxknyhhidg.exe
mfykeyplzxknyhhidg.exe .
C:\Windows\mfykeyplzxknyhhidg.exe
mfykeyplzxknyhhidg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mfykeyplzxknyhhidg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\mfykeyplzxknyhhidg.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\mfykeyplzxknyhhidg.exe*."
C:\Windows\mfykeyplzxknyhhidg.exe
mfykeyplzxknyhhidg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kfaokgzxnnchufhkhmhc.exe .
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\mfykeyplzxknyhhidg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Windows\kfaokgzxnnchufhkhmhc.exe
kfaokgzxnnchufhkhmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\kfaokgzxnnchufhkhmhc.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\xrlytogdsrfjvfgieic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe .
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\mfykeyplzxknyhhidg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kfaokgzxnnchufhkhmhc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\kfaokgzxnnchufhkhmhc.exe
kfaokgzxnnchufhkhmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kfaokgzxnnchufhkhmhc.exe .
C:\Windows\kfaokgzxnnchufhkhmhc.exe
kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\kfaokgzxnnchufhkhmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kfaokgzxnnchufhkhmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Windows\kfaokgzxnnchufhkhmhc.exe
kfaokgzxnnchufhkhmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\kfaokgzxnnchufhkhmhc.exe*."
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\xrlytogdsrfjvfgieic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\wneogynhtpabkrpo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mfykeyplzxknyhhidg.exe .
C:\Windows\mfykeyplzxknyhhidg.exe
mfykeyplzxknyhhidg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\mfykeyplzxknyhhidg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe .
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\xrlytogdsrfjvfgieic.exe*."
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe .
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\dvnyrkavifrtdlkke.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvnyrkavifrtdlkke.exe
C:\Windows\dvnyrkavifrtdlkke.exe
dvnyrkavifrtdlkke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe .
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\xrlytogdsrfjvfgieic.exe*."
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\xrlytogdsrfjvfgieic.exe*."
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\kfaokgzxnnchufhkhmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\kfaokgzxnnchufhkhmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mfykeyplzxknyhhidg.exe
C:\Windows\mfykeyplzxknyhhidg.exe
mfykeyplzxknyhhidg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvnyrkavifrtdlkke.exe .
C:\Windows\dvnyrkavifrtdlkke.exe
dvnyrkavifrtdlkke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kfaokgzxnnchufhkhmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvnyrkavifrtdlkke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mfykeyplzxknyhhidg.exe
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mfykeyplzxknyhhidg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\wneogynhtpabkrpo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\mfykeyplzxknyhhidg.exe
mfykeyplzxknyhhidg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Windows\mfykeyplzxknyhhidg.exe
mfykeyplzxknyhhidg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\xrlytogdsrfjvfgieic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\mfykeyplzxknyhhidg.exe*."
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\wneogynhtpabkrpo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe .
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\wneogynhtpabkrpo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\wneogynhtpabkrpo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe .
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\kfaokgzxnnchufhkhmhc.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\kfaokgzxnnchufhkhmhc.exe
kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\kfaokgzxnnchufhkhmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\mfykeyplzxknyhhidg.exe*."
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\wneogynhtpabkrpo.exe*."
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\xrlytogdsrfjvfgieic.exe*."
C:\Windows\dvnyrkavifrtdlkke.exe
dvnyrkavifrtdlkke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\xrlytogdsrfjvfgieic.exe*."
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\kfaokgzxnnchufhkhmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mfykeyplzxknyhhidg.exe .
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe
C:\Windows\mfykeyplzxknyhhidg.exe
mfykeyplzxknyhhidg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\mfykeyplzxknyhhidg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvnyrkavifrtdlkke.exe .
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe
C:\Windows\dvnyrkavifrtdlkke.exe
dvnyrkavifrtdlkke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\dvnyrkavifrtdlkke.exe*."
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\kfaokgzxnnchufhkhmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\xrlytogdsrfjvfgieic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe .
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvnyrkavifrtdlkke.exe .
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Windows\dvnyrkavifrtdlkke.exe
dvnyrkavifrtdlkke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe .
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\dvnyrkavifrtdlkke.exe*."
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\mfykeyplzxknyhhidg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\kfaokgzxnnchufhkhmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe .
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\wneogynhtpabkrpo.exe*."
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe .
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zvrgdautklbhvhkomsokz.exe*."
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\mfykeyplzxknyhhidg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\kfaokgzxnnchufhkhmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe .
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe .
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zvrgdautklbhvhkomsokz.exe*."
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe .
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe .
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\dvnyrkavifrtdlkke.exe*."
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\wneogynhtpabkrpo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvnyrkavifrtdlkke.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvnyrkavifrtdlkke.exe
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe
C:\Windows\dvnyrkavifrtdlkke.exe
dvnyrkavifrtdlkke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\dvnyrkavifrtdlkke.exe*."
C:\Windows\dvnyrkavifrtdlkke.exe
dvnyrkavifrtdlkke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe .
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mfykeyplzxknyhhidg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\wneogynhtpabkrpo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\xrlytogdsrfjvfgieic.exe*."
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe .
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe .
C:\Windows\mfykeyplzxknyhhidg.exe
mfykeyplzxknyhhidg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\xrlytogdsrfjvfgieic.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\xrlytogdsrfjvfgieic.exe*."
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe .
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zvrgdautklbhvhkomsokz.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\wneogynhtpabkrpo.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\mfykeyplzxknyhhidg.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\wneogynhtpabkrpo.exe*."
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe .
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\dvnyrkavifrtdlkke.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe .
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dvnyrkavifrtdlkke.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\wneogynhtpabkrpo.exe*."
C:\Windows\zvrgdautklbhvhkomsokz.exe
zvrgdautklbhvhkomsokz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Windows\dvnyrkavifrtdlkke.exe
dvnyrkavifrtdlkke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\dvnyrkavifrtdlkke.exe*."
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\wneogynhtpabkrpo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe .
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\xrlytogdsrfjvfgieic.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\dvnyrkavifrtdlkke.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\dvnyrkavifrtdlkke.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe .
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\xrlytogdsrfjvfgieic.exe*."
C:\Windows\kfaokgzxnnchufhkhmhc.exe
kfaokgzxnnchufhkhmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\xrlytogdsrfjvfgieic.exe*."
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wneogynhtpabkrpo.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\wneogynhtpabkrpo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\kfaokgzxnnchufhkhmhc.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zvrgdautklbhvhkomsokz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kfaokgzxnnchufhkhmhc.exe
C:\Windows\kfaokgzxnnchufhkhmhc.exe
kfaokgzxnnchufhkhmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mfykeyplzxknyhhidg.exe .
C:\Windows\mfykeyplzxknyhhidg.exe
mfykeyplzxknyhhidg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wneogynhtpabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrlytogdsrfjvfgieic.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\mfykeyplzxknyhhidg.exe*."
C:\Windows\wneogynhtpabkrpo.exe
wneogynhtpabkrpo.exe
C:\Windows\xrlytogdsrfjvfgieic.exe
xrlytogdsrfjvfgieic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\mfykeyplzxknyhhidg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\xrlytogdsrfjvfgieic.exe*."
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvrgdautklbhvhkomsokz.exe
Network
Files