Malware Analysis Report

2025-08-10 16:33

Sample ID 250413-pgcrbavqy8
Target JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260
SHA256 2dd546c14f099e9bb4743023030628c46e25af589292816d7666c17ab7f17bd6
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2dd546c14f099e9bb4743023030628c46e25af589292816d7666c17ab7f17bd6

Threat Level: Known bad

The file JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Modifies WinLogon for persistence

UAC bypass

Pykspa

Pykspa family

Detect Pykspa worm

Disables RegEdit via registry modification

Adds policy Run key to start application

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Checks computer location settings

Hijack Execution Flow: Executable Installer File Permissions Weakness

Looks up external IP address via web service

Adds Run key to start application

Checks whether UAC is enabled

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

System policy modification

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-13 12:17

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-13 12:17

Reported

2025-04-13 12:20

Platform

win10v2004-20250410-en

Max time kernel

40s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arujgfytpelkcetyjoofi.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "ynobwtkdxkpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "xjhrjdrhyikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "xjhrjdrhyikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "arujgfytpelkcetyjoofi.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "nbbnhdtlequqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "arujgfytpelkcetyjoofi.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjhrjdrhyikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "lbdrnldxsgmkbcqueihx.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "lbdrnldxsgmkbcqueihx.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "arujgfytpelkcetyjoofi.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "nbbnhdtlequqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbbnhdtlequqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "erqbupevnybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arujgfytpelkcetyjoofi.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arujgfytpelkcetyjoofi.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "xjhrjdrhyikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "nbbnhdtlequqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "xjhrjdrhyikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arujgfytpelkcetyjoofi.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "xjhrjdrhyikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arujgfytpelkcetyjoofi.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "nbbnhdtlequqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "ynobwtkdxkpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "ynobwtkdxkpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbbnhdtlequqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "xjhrjdrhyikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "ynobwtkdxkpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "xjhrjdrhyikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "ynobwtkdxkpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "lbdrnldxsgmkbcqueihx.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbbnhdtlequqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\erqbupevnybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\nbbnhdtlequqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\ynobwtkdxkpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\xjhrjdrhyikeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\erqbupevnybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\ynobwtkdxkpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\xjhrjdrhyikeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\nbbnhdtlequqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\nbbnhdtlequqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\nbbnhdtlequqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\erqbupevnybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\ynobwtkdxkpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\xjhrjdrhyikeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\lbdrnldxsgmkbcqueihx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\erqbupevnybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\erqbupevnybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\nbbnhdtlequqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\nbbnhdtlequqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\nbbnhdtlequqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\lbdrnldxsgmkbcqueihx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\ynobwtkdxkpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\nbbnhdtlequqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\erqbupevnybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\lbdrnldxsgmkbcqueihx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\nbbnhdtlequqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\xjhrjdrhyikeroyy.exe N/A
N/A N/A C:\Windows\ynobwtkdxkpmccpsbec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\erqbupevnybwkitub.exe N/A
N/A N/A C:\Windows\nbbnhdtlequqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
N/A N/A C:\Windows\nbbnhdtlequqfeqsac.exe N/A
N/A N/A C:\Windows\nbbnhdtlequqfeqsac.exe N/A
N/A N/A C:\Windows\arujgfytpelkcetyjoofi.exe N/A
N/A N/A C:\Windows\arujgfytpelkcetyjoofi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\erqbupevnybwkitub.exe N/A
N/A N/A C:\Windows\lbdrnldxsgmkbcqueihx.exe N/A
N/A N/A C:\Windows\ynobwtkdxkpmccpsbec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
N/A N/A C:\Windows\arujgfytpelkcetyjoofi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
N/A N/A C:\Windows\ynobwtkdxkpmccpsbec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe N/A
N/A N/A C:\Windows\arujgfytpelkcetyjoofi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\nbbnhdtlequqfeqsac.exe N/A
N/A N/A C:\Windows\arujgfytpelkcetyjoofi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\nbbnhdtlequqfeqsac.exe N/A
N/A N/A C:\Windows\nbbnhdtlequqfeqsac.exe N/A
N/A N/A C:\Windows\nbbnhdtlequqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\nbbnhdtlequqfeqsac.exe N/A
N/A N/A C:\Windows\xjhrjdrhyikeroyy.exe N/A
N/A N/A C:\Windows\xjhrjdrhyikeroyy.exe N/A
N/A N/A C:\Windows\nbbnhdtlequqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe N/A
N/A N/A C:\Windows\lbdrnldxsgmkbcqueihx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xdvzlzhrcg = "nbbnhdtlequqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arujgfytpelkcetyjoofi.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe ." C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "xjhrjdrhyikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "nbbnhdtlequqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjhrjdrhyikeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "nbbnhdtlequqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arujgfytpelkcetyjoofi.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ejadobirb = "arujgfytpelkcetyjoofi.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjhrjdrhyikeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xdvzlzhrcg = "nbbnhdtlequqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xdvzlzhrcg = "ynobwtkdxkpmccpsbec.exe ." C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arujgfytpelkcetyjoofi.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ejadobirb = "erqbupevnybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xdvzlzhrcg = "arujgfytpelkcetyjoofi.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe ." C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "nbbnhdtlequqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbbnhdtlequqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "lbdrnldxsgmkbcqueihx.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "nbbnhdtlequqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "ynobwtkdxkpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbbnhdtlequqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xdvzlzhrcg = "xjhrjdrhyikeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "erqbupevnybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "lbdrnldxsgmkbcqueihx.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbbnhdtlequqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ejadobirb = "lbdrnldxsgmkbcqueihx.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ejadobirb = "erqbupevnybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "xjhrjdrhyikeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "lbdrnldxsgmkbcqueihx.exe ." C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjhrjdrhyikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjhrjdrhyikeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arujgfytpelkcetyjoofi.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arujgfytpelkcetyjoofi.exe" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "nbbnhdtlequqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xdvzlzhrcg = "erqbupevnybwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "ynobwtkdxkpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arujgfytpelkcetyjoofi.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "erqbupevnybwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "arujgfytpelkcetyjoofi.exe ." C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ejadobirb = "erqbupevnybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "erqbupevnybwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xdvzlzhrcg = "arujgfytpelkcetyjoofi.exe ." C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbbnhdtlequqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbbnhdtlequqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xdvzlzhrcg = "lbdrnldxsgmkbcqueihx.exe ." C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "nbbnhdtlequqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjhrjdrhyikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.showmyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Windows\SysWOW64\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Windows\SysWOW64\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\szsxkzitfkhwewbwxsipinapyjvaxmumr.niy C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File created C:\Windows\SysWOW64\szsxkzitfkhwewbwxsipinapyjvaxmumr.niy C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Windows\SysWOW64\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Windows\SysWOW64\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Windows\SysWOW64\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Windows\SysWOW64\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\bxfzbfddeykolsmwmwbxfz.fdd C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File created C:\Program Files (x86)\bxfzbfddeykolsmwmwbxfz.fdd C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Program Files (x86)\szsxkzitfkhwewbwxsipinapyjvaxmumr.niy C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File created C:\Program Files (x86)\szsxkzitfkhwewbwxsipinapyjvaxmumr.niy C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Windows\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Windows\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File created C:\Windows\bxfzbfddeykolsmwmwbxfz.fdd C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Windows\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Windows\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File created C:\Windows\szsxkzitfkhwewbwxsipinapyjvaxmumr.niy C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Windows\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Windows\erqbupevnybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lbdrnldxsgmkbcqueihx.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Windows\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\szsxkzitfkhwewbwxsipinapyjvaxmumr.niy C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
File opened for modification C:\Windows\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xjhrjdrhyikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rjndbbvroemmfiyeqwxptj.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ynobwtkdxkpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lbdrnldxsgmkbcqueihx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nbbnhdtlequqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xjhrjdrhyikeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lbdrnldxsgmkbcqueihx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xjhrjdrhyikeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\erqbupevnybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lbdrnldxsgmkbcqueihx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\erqbupevnybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nbbnhdtlequqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xjhrjdrhyikeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\erqbupevnybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ynobwtkdxkpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nbbnhdtlequqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\erqbupevnybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ynobwtkdxkpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lbdrnldxsgmkbcqueihx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lbdrnldxsgmkbcqueihx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nbbnhdtlequqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lbdrnldxsgmkbcqueihx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\erqbupevnybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lbdrnldxsgmkbcqueihx.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5440 wrote to memory of 3548 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5440 wrote to memory of 3548 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5440 wrote to memory of 3548 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4696 wrote to memory of 4532 N/A C:\Windows\system32\cmd.exe C:\Windows\xjhrjdrhyikeroyy.exe
PID 4696 wrote to memory of 4532 N/A C:\Windows\system32\cmd.exe C:\Windows\xjhrjdrhyikeroyy.exe
PID 4696 wrote to memory of 4532 N/A C:\Windows\system32\cmd.exe C:\Windows\xjhrjdrhyikeroyy.exe
PID 4632 wrote to memory of 4776 N/A C:\Windows\system32\cmd.exe C:\Windows\ynobwtkdxkpmccpsbec.exe
PID 4632 wrote to memory of 4776 N/A C:\Windows\system32\cmd.exe C:\Windows\ynobwtkdxkpmccpsbec.exe
PID 4632 wrote to memory of 4776 N/A C:\Windows\system32\cmd.exe C:\Windows\ynobwtkdxkpmccpsbec.exe
PID 4776 wrote to memory of 1576 N/A C:\Windows\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4776 wrote to memory of 1576 N/A C:\Windows\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4776 wrote to memory of 1576 N/A C:\Windows\ynobwtkdxkpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4556 wrote to memory of 4920 N/A C:\Windows\system32\cmd.exe C:\Windows\erqbupevnybwkitub.exe
PID 4556 wrote to memory of 4920 N/A C:\Windows\system32\cmd.exe C:\Windows\erqbupevnybwkitub.exe
PID 4556 wrote to memory of 4920 N/A C:\Windows\system32\cmd.exe C:\Windows\erqbupevnybwkitub.exe
PID 4796 wrote to memory of 4856 N/A C:\Windows\system32\cmd.exe C:\Windows\nbbnhdtlequqfeqsac.exe
PID 4796 wrote to memory of 4856 N/A C:\Windows\system32\cmd.exe C:\Windows\nbbnhdtlequqfeqsac.exe
PID 4796 wrote to memory of 4856 N/A C:\Windows\system32\cmd.exe C:\Windows\nbbnhdtlequqfeqsac.exe
PID 5008 wrote to memory of 3680 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
PID 5008 wrote to memory of 3680 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
PID 5008 wrote to memory of 3680 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
PID 4856 wrote to memory of 828 N/A C:\Windows\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4856 wrote to memory of 828 N/A C:\Windows\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4856 wrote to memory of 828 N/A C:\Windows\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5024 wrote to memory of 3752 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
PID 5024 wrote to memory of 3752 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
PID 5024 wrote to memory of 3752 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
PID 3752 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 3752 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 3752 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 2244 wrote to memory of 2576 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
PID 2244 wrote to memory of 2576 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
PID 2244 wrote to memory of 2576 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
PID 1828 wrote to memory of 2440 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
PID 1828 wrote to memory of 2440 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
PID 1828 wrote to memory of 2440 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
PID 2440 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 2440 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 2440 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 3548 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe
PID 3548 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe
PID 3548 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe
PID 3548 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe
PID 3548 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe
PID 3548 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe
PID 5028 wrote to memory of 2392 N/A C:\Windows\system32\cmd.exe C:\Windows\nbbnhdtlequqfeqsac.exe
PID 5028 wrote to memory of 2392 N/A C:\Windows\system32\cmd.exe C:\Windows\nbbnhdtlequqfeqsac.exe
PID 5028 wrote to memory of 2392 N/A C:\Windows\system32\cmd.exe C:\Windows\nbbnhdtlequqfeqsac.exe
PID 3252 wrote to memory of 4592 N/A C:\Windows\system32\cmd.exe C:\Windows\nbbnhdtlequqfeqsac.exe
PID 3252 wrote to memory of 4592 N/A C:\Windows\system32\cmd.exe C:\Windows\nbbnhdtlequqfeqsac.exe
PID 3252 wrote to memory of 4592 N/A C:\Windows\system32\cmd.exe C:\Windows\nbbnhdtlequqfeqsac.exe
PID 1552 wrote to memory of 6096 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 1552 wrote to memory of 6096 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 1552 wrote to memory of 6096 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 2712 wrote to memory of 1976 N/A C:\Windows\system32\cmd.exe C:\Windows\arujgfytpelkcetyjoofi.exe
PID 2712 wrote to memory of 1976 N/A C:\Windows\system32\cmd.exe C:\Windows\arujgfytpelkcetyjoofi.exe
PID 2712 wrote to memory of 1976 N/A C:\Windows\system32\cmd.exe C:\Windows\arujgfytpelkcetyjoofi.exe
PID 6096 wrote to memory of 2228 N/A C:\Windows\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 6096 wrote to memory of 2228 N/A C:\Windows\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 6096 wrote to memory of 2228 N/A C:\Windows\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 1976 wrote to memory of 1816 N/A C:\Windows\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 1976 wrote to memory of 1816 N/A C:\Windows\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 1976 wrote to memory of 1816 N/A C:\Windows\arujgfytpelkcetyjoofi.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 3064 wrote to memory of 2672 N/A C:\Windows\system32\cmd.exe C:\Windows\erqbupevnybwkitub.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe"

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b4a229565b18ddf6e26668fa71c1f260.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe

"C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe" "-C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe"

C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe

"C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe" "-C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe .

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xjhrjdrhyikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xjhrjdrhyikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xjhrjdrhyikeroyy.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xjhrjdrhyikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xjhrjdrhyikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xjhrjdrhyikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe .

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xjhrjdrhyikeroyy.exe*."

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xjhrjdrhyikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xjhrjdrhyikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xjhrjdrhyikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xjhrjdrhyikeroyy.exe*."

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe .

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xjhrjdrhyikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xjhrjdrhyikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xjhrjdrhyikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe .

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xjhrjdrhyikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xjhrjdrhyikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xjhrjdrhyikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe .

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xjhrjdrhyikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\nbbnhdtlequqfeqsac.exe

nbbnhdtlequqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xjhrjdrhyikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xjhrjdrhyikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe

C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\xjhrjdrhyikeroyy.exe

xjhrjdrhyikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\erqbupevnybwkitub.exe

erqbupevnybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .

C:\Windows\ynobwtkdxkpmccpsbec.exe

ynobwtkdxkpmccpsbec.exe

C:\Windows\lbdrnldxsgmkbcqueihx.exe

lbdrnldxsgmkbcqueihx.exe .

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .

C:\Windows\arujgfytpelkcetyjoofi.exe

arujgfytpelkcetyjoofi.exe .

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xjhrjdrhyikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
GB 88.221.135.42:443 www.bing.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.baidu.com udp
HK 103.235.46.115:80 www.baidu.com tcp
GB 89.191.127.22:13315 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 vikurevyf.info udp
US 8.8.8.8:53 jgdedx.net udp
US 8.8.8.8:53 arbyzeb.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
BG 87.97.175.199:31692 tcp
BG 87.120.107.30:43508 tcp
RU 95.189.42.226:20235 tcp
GB 89.191.127.123:25027 tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp
BG 217.174.59.36:13071 tcp
RU 79.105.159.72:17688 tcp
BG 78.90.165.49:40059 tcp
BG 85.196.183.188:31621 tcp
RU 95.189.42.226:20235 tcp
BG 46.10.15.67:32387 tcp
BG 46.47.114.66:18374 tcp
LT 85.206.79.117:24879 tcp
LT 88.216.27.200:37010 tcp
US 8.8.8.8:53 dprqgeqyn.net udp
US 8.8.8.8:53 xugsdmdrgha.info udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 khkhlhub.info udp
US 8.8.8.8:53 wkgtnywv.net udp
US 8.8.8.8:53 mysqka.org udp
US 8.8.8.8:53 aupqxqf.net udp
US 8.8.8.8:53 iioyyqwygu.org udp
BG 46.10.110.209:43834 tcp
US 8.8.8.8:53 aquwikmqec.org udp
US 8.8.8.8:53 auzvrl.info udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 fktsplded.com udp
US 8.8.8.8:53 uqcmwkoa.org udp
US 8.8.8.8:53 gyrukamfl.net udp
US 8.8.8.8:53 elrizatoxma.net udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 oaysuimkme.com udp
US 8.8.8.8:53 moycqm.org udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 umusesiygsgu.com udp
US 8.8.8.8:53 oetkfu.net udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 puhpplf.info udp
US 8.8.8.8:53 nerltuvfnq.net udp
US 8.8.8.8:53 tvnfog.net udp
US 8.8.8.8:53 nynenczotdj.com udp
US 8.8.8.8:53 itxwtlxyney.net udp
US 8.8.8.8:53 kwusgi.org udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 uwgkooqw.com udp
US 8.8.8.8:53 qscakqia.com udp
US 8.8.8.8:53 noopdlrucyjf.info udp
US 8.8.8.8:53 jovkhga.org udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 gejwhksyq.net udp
US 8.8.8.8:53 jdxupxvugvfn.net udp
US 8.8.8.8:53 jxbguoxqxut.info udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 frnisqs.info udp
US 8.8.8.8:53 dmnmtizun.info udp
US 8.8.8.8:53 fsoeebulkcfo.info udp
US 8.8.8.8:53 icjhyjld.info udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 cmiuykgoaqww.org udp
US 8.8.8.8:53 zuwansczhaq.org udp
US 8.8.8.8:53 emakmgieek.org udp
US 8.8.8.8:53 cluwwt.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 gkgccaokikso.com udp
US 8.8.8.8:53 uwamfms.net udp
US 8.8.8.8:53 fxltfaja.info udp
US 8.8.8.8:53 rexood.net udp
US 8.8.8.8:53 dutpbgjt.net udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 txdcdlxmlgj.net udp
US 8.8.8.8:53 pwlnzel.net udp
US 8.8.8.8:53 dmbqrodytaf.info udp
US 8.8.8.8:53 sxsftqzqxkr.net udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 vcdgrlautaf.info udp
US 8.8.8.8:53 zkqujrxmlih.com udp
US 8.8.8.8:53 zrofrwprxv.net udp
US 8.8.8.8:53 cnwrdi.net udp
US 8.8.8.8:53 kknuxgiyagd.info udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 posdiqfwasm.info udp
US 8.8.8.8:53 fotgpuhhsit.org udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 scbrof.net udp
US 8.8.8.8:53 lqskoevirc.info udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 ednzesnzbl.net udp
US 8.8.8.8:53 wgyeiaaiew.org udp
US 8.8.8.8:53 ckacycycqg.org udp
US 8.8.8.8:53 xvpvhbydjz.net udp
US 8.8.8.8:53 xqhkuos.org udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 qioxgylv.net udp
US 8.8.8.8:53 sgvwcwc.info udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 auqtzcyli.net udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 rgjatplerkm.info udp
US 8.8.8.8:53 dmrhnd.net udp
US 8.8.8.8:53 nuokvyzlxn.net udp
US 8.8.8.8:53 krhwda.net udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 eynitjv.info udp
US 8.8.8.8:53 fbfpexyk.net udp
US 8.8.8.8:53 fwnabbpqjul.info udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 icggomca.com udp
US 8.8.8.8:53 xkfwgkaqpni.net udp
US 8.8.8.8:53 aytobsjvd.info udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 zcwjjakn.net udp
US 8.8.8.8:53 jlzsbstoctbk.net udp
US 8.8.8.8:53 lwfcbdaem.info udp
US 8.8.8.8:53 bizajcfmfdv.info udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 txxgetozhw.net udp
US 8.8.8.8:53 hzydoouueq.info udp
US 8.8.8.8:53 vlolcwruoif.info udp
US 8.8.8.8:53 lmlcdghnrqu.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 wiqdaminfz.net udp
US 8.8.8.8:53 oacoioyooyoa.org udp
US 8.8.8.8:53 modatgr.net udp
US 8.8.8.8:53 tsnhfmxad.net udp
US 8.8.8.8:53 bvqvzdhpdubo.net udp
US 8.8.8.8:53 reqsxcteb.info udp
US 8.8.8.8:53 dmfbslcshwbu.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 uycookqcokmo.com udp
US 8.8.8.8:53 qagqhmv.info udp
US 8.8.8.8:53 tgdnhyjhnqi.org udp
US 8.8.8.8:53 dqdyqmfcl.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 huexdevpeaar.info udp
US 8.8.8.8:53 tgklsrpkpoei.info udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 vwhvlmc.org udp
US 8.8.8.8:53 lcxqfavqhnm.net udp
US 8.8.8.8:53 dqgpxhhqcxeb.net udp
US 8.8.8.8:53 vbmsimww.info udp
US 8.8.8.8:53 cljqrys.net udp
US 8.8.8.8:53 hovayx.info udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 pvpzezzcci.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 kmbxvmjc.net udp
US 8.8.8.8:53 qbgkxhwcrl.info udp
US 8.8.8.8:53 nibyjubkn.org udp
US 8.8.8.8:53 juhzhlr.net udp
US 8.8.8.8:53 aunxplxxliqz.info udp
US 8.8.8.8:53 zfgkhbaqt.net udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 pjywyr.net udp
US 8.8.8.8:53 ksmssuaor.info udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 lhzcvmsjcpnp.net udp
US 8.8.8.8:53 cycekzmsww.net udp
US 8.8.8.8:53 oayagsooun.net udp
US 8.8.8.8:53 ycljdslo.net udp
US 8.8.8.8:53 hatcjfciw.org udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 tnolzuin.net udp
US 8.8.8.8:53 nsnjwd.info udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 ueiuywojcdtp.info udp
US 8.8.8.8:53 zmoirscpvk.net udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 jmeifxn.net udp
US 8.8.8.8:53 meyaqayw.org udp
US 8.8.8.8:53 vqpravjur.info udp
US 8.8.8.8:53 xobnfmj.net udp
US 8.8.8.8:53 mebozchepax.net udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 wbhodoue.net udp
US 8.8.8.8:53 dklbcgzkdu.info udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 oxtgtw.info udp
US 8.8.8.8:53 rkahmgpbwz.info udp
US 8.8.8.8:53 ahvltlqovpgx.net udp
US 8.8.8.8:53 jyltyylmj.info udp
US 8.8.8.8:53 gywuwe.com udp
US 8.8.8.8:53 ktryhwvonxhg.info udp
US 8.8.8.8:53 blckjmmx.net udp
US 8.8.8.8:53 swuoqyuaggki.org udp
US 8.8.8.8:53 juzftemrlo.net udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 pjxpkerykil.net udp
US 8.8.8.8:53 bbvdmxnxzevl.info udp
US 8.8.8.8:53 oypznm.net udp
US 8.8.8.8:53 jybmaphn.net udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 ykwqsc.org udp
US 8.8.8.8:53 kwgiak.org udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 pjumebv.com udp
US 8.8.8.8:53 dmzpsqbvta.net udp
US 8.8.8.8:53 bucltsqieyp.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 dqzszwxiz.org udp
US 8.8.8.8:53 qzwacbkn.info udp
US 8.8.8.8:53 acahgr.info udp

Files

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

MD5 89ec3461ef4a893428c32f89de78b396
SHA1 8067cdc0901f0dc5bc1bb67a1c9037f502ea85f9
SHA256 1849989ee704cda3b552b5021f3165012978d26d0daf7d22a09805deb6be2d0b
SHA512 7804fa36e1f050115b00d21a9a94cf92436260a385da67106b0c73eb350abafca53f2dec42d377d4eccc095dd75ac92e841fb66e874e656e412cd71ed7909fe8

C:\Windows\SysWOW64\nbbnhdtlequqfeqsac.exe

MD5 b4a229565b18ddf6e26668fa71c1f260
SHA1 2307c3afc80bec3823f5774322faf82518702d04
SHA256 2dd546c14f099e9bb4743023030628c46e25af589292816d7666c17ab7f17bd6
SHA512 2a7f67798e04b983728cda41060a0424e9eb64d9102299bd58199e9d280d33977a737ed791d819d966973d7ccb145c549f0e3e573b377544ed1a81c9ebc324bc

C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe

MD5 9a28b3d40f4ad0104fec9fcb86eeb561
SHA1 3997e0e8bd78df27fd082bcdbeb0aff39eb12b7b
SHA256 e359acd776dea8d82a7bd8ac4f6511d579395c45fd42ee13ad2bbca72aaeb5fa
SHA512 afff2715d6de01db1bc77429b4ef0437e612dc75aaf617fb9cf0b765c4839494396e14e8bc8bb51653a8fa00dd1778d5fd619c67d280b7d803f221b03b636973

C:\Users\Admin\AppData\Local\szsxkzitfkhwewbwxsipinapyjvaxmumr.niy

MD5 2d950ce77f367a38d9f4409e5cecbe59
SHA1 711b0a9bdaaff62c0f20d63507de05f558be2a88
SHA256 d41db908cd887d0b6be8540394274dc2f1c8a69814e62cf21bc17bbb1a01ef2b
SHA512 ed209e2113c0103567101e88a2a58022cd89407c4aa5515960c67cbcb5c62be3bd2904184c8a3bcccfe2ac16689429ec950bf46010b017f0eadef17daa67297c

C:\Users\Admin\AppData\Local\bxfzbfddeykolsmwmwbxfz.fdd

MD5 22dbd511ae41cebee030b9fcbe9535f9
SHA1 e5ee316ef950e7e87ddb81b560640cc6abe6da46
SHA256 8dad2533c1433f63afaebdd519e6d92f2a333a5d6a58132c590bee3d6f925826
SHA512 b493248e606182df7733e2bd7330d1d0383e10b21eb6e0af187ac5a2302c63093c52578341dd7c2a04d2b68124ee80a0f00f206cbc256bc51c62d73775d8441a

C:\Program Files (x86)\bxfzbfddeykolsmwmwbxfz.fdd

MD5 cca099510847780b8fae07d16f71041f
SHA1 d85a8b60b5d2cb180f6506e438bf963bd40875f8
SHA256 a656494e0ed08158f74b5d68cbf5fdffd621fb5a0f008b06a5f7c953def4bce8
SHA512 8c562a0081d32b1583d1c73681d89616051ed4f40de8654cead8b61986e15ea6751d4e220c15cf474bb0ca5a2e90a413776ed1210397027dc366942500090295

C:\Program Files (x86)\bxfzbfddeykolsmwmwbxfz.fdd

MD5 2b5a24ba675a3c1c2ea4a0de8cc5c5b9
SHA1 d86093fb08c871863ec9d3c2a75a31a21f049470
SHA256 9ac9d817a5ffcff5be70b7d89c76bcc4389ff86159609ff66ba8742572cd5efe
SHA512 a0e57704f8ac6da0d34b9f66f1ea011c1545455ccf1464cd79c298f4b540304b244fdc907e7af0823ed58ad038e726b705a49e37f8a49a133a911d84c9cbe352

C:\Program Files (x86)\bxfzbfddeykolsmwmwbxfz.fdd

MD5 06423f3fc4108af8a4e7489724ecb4c4
SHA1 dd26da593e4c4c76b247d4a02366265c2c761182
SHA256 d46483304ad597680ffcc32c5f6ada5543717f69599be85af6863a4671ef8edf
SHA512 30b31fd96a8c3b38de5f8b1a35e2ac8bb49748e69fd74239800845968bca23fa785a9f5bf5611d74053f5b1fc62b948eac9d489028115601d4333a296285082e

C:\ejadobirb.bat

MD5 91341f666ce4e3db7b8139902bfc4d28
SHA1 ab1442ebd90125df99f2a4b482924185c09f255b
SHA256 7fdffd4ed539eeb96f3bebf04d08bbf7f52f751c45576a37d905451491ad6aa6
SHA512 0bafa761adcbeac2b0f1a3b74364aa58f169a5bd79470a2aaacb2567508b3b58f4ef985c6bf069b072f4bbc83e0f6ce7a875af4019f650abdd072e49847ed4b4

C:\Program Files (x86)\bxfzbfddeykolsmwmwbxfz.fdd

MD5 541a3707fb9f37ab4dee93eb35144f1c
SHA1 17287fe1bb120dbf1b11852258127df9def5227a
SHA256 43339dc83038a61e414868d77fcdafc2e5648f2bbab3ea95b40753d7fa0fb0ae
SHA512 33d7c0a117ab9d9f25b0b4f434362f11044320768f786a3c5cbe040775955b15b9068e9dbfa8e14ced06643cd442b72d35925ef6e1420f5eeb1dad574d8b6f0d

C:\Program Files (x86)\bxfzbfddeykolsmwmwbxfz.fdd

MD5 c612958bbbad685e7dca028f29e1883e
SHA1 31db126919af796811df3292f644fced445032d3
SHA256 08cb4d4a85561bcb3e9b58e17b9091f3bd952f56bb79ab63ac2e26a5414f805c
SHA512 a140545c3d2e59248d06337f134d5b7ba3ee7309a6220fd703403dc5b5b4c51991219325fcd90b832c912b0af5f1682ff1eb329ebd4e37186a1d2c7a095b6fd8