Malware Analysis Report

2025-08-10 16:34

Sample ID 250414-s5mg7s1ybs
Target JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0
SHA256 9aab7948f428921efcc735e88e5adad78ff27a73e6cb2d54d9cfddae3286cf22
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9aab7948f428921efcc735e88e5adad78ff27a73e6cb2d54d9cfddae3286cf22

Threat Level: Known bad

The file JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Pykspa family

UAC bypass

Modifies WinLogon for persistence

Pykspa

Detect Pykspa worm

Disables RegEdit via registry modification

Adds policy Run key to start application

Executes dropped EXE

Checks computer location settings

Impair Defenses: Safe Mode Boot

Hijack Execution Flow: Executable Installer File Permissions Weakness

Checks whether UAC is enabled

Adds Run key to start application

Looks up external IP address via web service

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

System policy modification

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-14 15:42

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-14 15:42

Reported

2025-04-14 15:45

Platform

win10v2004-20250410-en

Max time kernel

41s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "evujjevslfgwcqcfjhsji.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "ivqbxobujzwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bltbhrglwn = "ezslcxxnjlbhvhkomxsle.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "ivqbxobujzwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "crobzshctlkycoyzbxg.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "evujjevslfgwcqcfjhsji.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ivqbxobujzwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ivqbxobujzwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "crobzshctlkycoyzbxg.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cjotwdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezslcxxnjlbhvhkomxsle.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "bnhrmcogujfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cjotwdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rjzpdvsfyxknyhhidl.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bltbhrglwn = "pjbtjdcrmnchufhkhrld.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "evujjevslfgwcqcfjhsji.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "bnhrmcogujfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ivqbxobujzwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "evujjevslfgwcqcfjhsji.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "evujjevslfgwcqcfjhsji.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "crobzshctlkycoyzbxg.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crobzshctlkycoyzbxg.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ivqbxobujzwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crobzshctlkycoyzbxg.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "evujjevslfgwcqcfjhsji.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "ivqbxobujzwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "crobzshctlkycoyzbxg.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "ivqbxobujzwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "ivqbxobujzwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\ivqbxobujzwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\bnhrmcogujfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\crobzshctlkycoyzbxg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\bnhrmcogujfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\pfdrqkawohhwbozbeblb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\pfdrqkawohhwbozbeblb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\ivqbxobujzwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\pfdrqkawohhwbozbeblb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\pfdrqkawohhwbozbeblb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\crobzshctlkycoyzbxg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\rfbnkcqkarpcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\crobzshctlkycoyzbxg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\pfdrqkawohhwbozbeblb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\rfbnkcqkarpcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\pfdrqkawohhwbozbeblb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\rfbnkcqkarpcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\bnhrmcogujfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\crobzshctlkycoyzbxg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\pfdrqkawohhwbozbeblb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\ivqbxobujzwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\ivqbxobujzwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\pfdrqkawohhwbozbeblb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\crobzshctlkycoyzbxg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\ivqbxobujzwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\ivqbxobujzwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\ivqbxobujzwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\bnhrmcogujfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\ivqbxobujzwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\rfbnkcqkarpcfqzzav.exe N/A
N/A N/A C:\Windows\rfbnkcqkarpcfqzzav.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\crobzshctlkycoyzbxg.exe N/A
N/A N/A C:\Windows\ivqbxobujzwikucbb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
N/A N/A C:\Windows\ivqbxobujzwikucbb.exe N/A
N/A N/A C:\Windows\bnhrmcogujfqrahf.exe N/A
N/A N/A C:\Windows\crobzshctlkycoyzbxg.exe N/A
N/A N/A C:\Windows\pfdrqkawohhwbozbeblb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\crobzshctlkycoyzbxg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe N/A
N/A N/A C:\Windows\bnhrmcogujfqrahf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe N/A
N/A N/A C:\Windows\pfdrqkawohhwbozbeblb.exe N/A
N/A N/A C:\Windows\ivqbxobujzwikucbb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\ivqbxobujzwikucbb.exe N/A
N/A N/A C:\Windows\ivqbxobujzwikucbb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\crobzshctlkycoyzbxg.exe N/A
N/A N/A C:\Windows\pfdrqkawohhwbozbeblb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\rfbnkcqkarpcfqzzav.exe N/A
N/A N/A C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
N/A N/A C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
N/A N/A C:\Windows\crobzshctlkycoyzbxg.exe N/A
N/A N/A C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
N/A N/A C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\rfbnkcqkarpcfqzzav.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
N/A N/A C:\Windows\ivqbxobujzwikucbb.exe N/A
N/A N/A C:\Windows\pfdrqkawohhwbozbeblb.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vvdb = "rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bhvzoyeqyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\inadrafqx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ivqbxobujzwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bhvzoyeqyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crobzshctlkycoyzbxg.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rzflpxkn = "rjzpdvsfyxknyhhidl.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cfqrdkn = "evujjevslfgwcqcfjhsji.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rvhjweis = "pfdrqkawohhwbozbeblb.exe ." C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rvhjweis = "ivqbxobujzwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rvhjweis = "pfdrqkawohhwbozbeblb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vvdb = "rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "ivqbxobujzwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cfqrdkn = "evujjevslfgwcqcfjhsji.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crobzshctlkycoyzbxg.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rvhjweis = "ivqbxobujzwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cfqrdkn = "pfdrqkawohhwbozbeblb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rfbnkcqkarpcfqzzav.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "ivqbxobujzwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "ivqbxobujzwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe ." C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vvdb = "pfdrqkawohhwbozbeblb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bhvzoyeqyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bhvzoyeqyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whqzgrhnzrx = "brftfvqbspabkrpo.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\iryfkthlv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvmdsljxrrfjvfgieng.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\inadrafqx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe ." C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\inadrafqx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "crobzshctlkycoyzbxg.exe ." C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "crobzshctlkycoyzbxg.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\iryfkthlv = "pjbtjdcrmnchufhkhrld.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\iryfkthlv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izodqhdphfrtdlkke.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rvhjweis = "crobzshctlkycoyzbxg.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rzflpxkn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rjzpdvsfyxknyhhidl.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\inadrafqx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ivqbxobujzwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rvhjweis = "pfdrqkawohhwbozbeblb.exe ." C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cfqrdkn = "crobzshctlkycoyzbxg.exe" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "evujjevslfgwcqcfjhsji.exe ." C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "evujjevslfgwcqcfjhsji.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\inadrafqx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe ." C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bhvzoyeqyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crobzshctlkycoyzbxg.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cfqrdkn = "rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crobzshctlkycoyzbxg.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\inadrafqx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ivqbxobujzwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\inadrafqx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bhvzoyeqyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rfbnkcqkarpcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\inadrafqx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crobzshctlkycoyzbxg.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rvhjweis = "rfbnkcqkarpcfqzzav.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rzflpxkn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjbtjdcrmnchufhkhrld.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vvdb = "pfdrqkawohhwbozbeblb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\inadrafqx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\tfpzhtkrexeb = "izodqhdphfrtdlkke.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bhvzoyeqyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\SysWOW64\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\SysWOW64\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\SysWOW64\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\SysWOW64\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\SysWOW64\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\SysWOW64\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\SysWOW64\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File created C:\Windows\SysWOW64\vvdbkoouwzjixupbovppxveiio.tdc C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\SysWOW64\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\vvdbkoouwzjixupbovppxveiio.tdc C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Program Files (x86)\whajdsduhvqaaioljbgrktncnerfakksyvtlq.udx C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File created C:\Program Files (x86)\whajdsduhvqaaioljbgrktncnerfakksyvtlq.udx C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Program Files (x86)\vvdbkoouwzjixupbovppxveiio.tdc C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\whajdsduhvqaaioljbgrktncnerfakksyvtlq.udx C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File created C:\Windows\whajdsduhvqaaioljbgrktncnerfakksyvtlq.udx C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
File opened for modification C:\Windows\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\vnndeasqkfhyfuhlqpbttj.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\izodqhdphfrtdlkke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ivqbxobujzwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\izodqhdphfrtdlkke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pfdrqkawohhwbozbeblb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\crobzshctlkycoyzbxg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ivqbxobujzwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bnhrmcogujfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ivqbxobujzwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ivqbxobujzwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pfdrqkawohhwbozbeblb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ivqbxobujzwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rfbnkcqkarpcfqzzav.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rjzpdvsfyxknyhhidl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ivqbxobujzwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ivqbxobujzwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bnhrmcogujfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\crobzshctlkycoyzbxg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rfbnkcqkarpcfqzzav.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ivqbxobujzwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rjzpdvsfyxknyhhidl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\brftfvqbspabkrpo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pfdrqkawohhwbozbeblb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bnhrmcogujfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pfdrqkawohhwbozbeblb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evujjevslfgwcqcfjhsji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5252 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 5252 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 5252 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 4672 wrote to memory of 4868 N/A C:\Windows\system32\cmd.exe C:\Windows\rfbnkcqkarpcfqzzav.exe
PID 4672 wrote to memory of 4868 N/A C:\Windows\system32\cmd.exe C:\Windows\rfbnkcqkarpcfqzzav.exe
PID 4672 wrote to memory of 4868 N/A C:\Windows\system32\cmd.exe C:\Windows\rfbnkcqkarpcfqzzav.exe
PID 4732 wrote to memory of 5880 N/A C:\Windows\system32\cmd.exe C:\Windows\rfbnkcqkarpcfqzzav.exe
PID 4732 wrote to memory of 5880 N/A C:\Windows\system32\cmd.exe C:\Windows\rfbnkcqkarpcfqzzav.exe
PID 4732 wrote to memory of 5880 N/A C:\Windows\system32\cmd.exe C:\Windows\rfbnkcqkarpcfqzzav.exe
PID 5880 wrote to memory of 4856 N/A C:\Windows\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 5880 wrote to memory of 4856 N/A C:\Windows\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 5880 wrote to memory of 4856 N/A C:\Windows\rfbnkcqkarpcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 4832 wrote to memory of 4964 N/A C:\Windows\system32\cmd.exe C:\Windows\crobzshctlkycoyzbxg.exe
PID 4832 wrote to memory of 4964 N/A C:\Windows\system32\cmd.exe C:\Windows\crobzshctlkycoyzbxg.exe
PID 4832 wrote to memory of 4964 N/A C:\Windows\system32\cmd.exe C:\Windows\crobzshctlkycoyzbxg.exe
PID 4796 wrote to memory of 4020 N/A C:\Windows\system32\cmd.exe C:\Windows\ivqbxobujzwikucbb.exe
PID 4796 wrote to memory of 4020 N/A C:\Windows\system32\cmd.exe C:\Windows\ivqbxobujzwikucbb.exe
PID 4796 wrote to memory of 4020 N/A C:\Windows\system32\cmd.exe C:\Windows\ivqbxobujzwikucbb.exe
PID 5712 wrote to memory of 3896 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
PID 5712 wrote to memory of 3896 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
PID 5712 wrote to memory of 3896 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
PID 5924 wrote to memory of 2096 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
PID 5924 wrote to memory of 2096 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
PID 5924 wrote to memory of 2096 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
PID 4020 wrote to memory of 2800 N/A C:\Windows\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 4020 wrote to memory of 2800 N/A C:\Windows\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 4020 wrote to memory of 2800 N/A C:\Windows\ivqbxobujzwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 2096 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 2096 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 2096 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 5868 wrote to memory of 2884 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
PID 5868 wrote to memory of 2884 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
PID 5868 wrote to memory of 2884 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
PID 5716 wrote to memory of 452 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
PID 5716 wrote to memory of 452 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
PID 5716 wrote to memory of 452 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
PID 452 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 452 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 452 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 2700 wrote to memory of 1288 N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe
PID 2700 wrote to memory of 1288 N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe
PID 2700 wrote to memory of 1288 N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe
PID 2700 wrote to memory of 5512 N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe
PID 2700 wrote to memory of 5512 N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe
PID 2700 wrote to memory of 5512 N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe C:\Users\Admin\AppData\Local\Temp\efonx.exe
PID 2088 wrote to memory of 1740 N/A C:\Windows\system32\cmd.exe C:\Windows\ivqbxobujzwikucbb.exe
PID 2088 wrote to memory of 1740 N/A C:\Windows\system32\cmd.exe C:\Windows\ivqbxobujzwikucbb.exe
PID 2088 wrote to memory of 1740 N/A C:\Windows\system32\cmd.exe C:\Windows\ivqbxobujzwikucbb.exe
PID 5052 wrote to memory of 4376 N/A C:\Windows\system32\cmd.exe C:\Windows\bnhrmcogujfqrahf.exe
PID 5052 wrote to memory of 4376 N/A C:\Windows\system32\cmd.exe C:\Windows\bnhrmcogujfqrahf.exe
PID 5052 wrote to memory of 4376 N/A C:\Windows\system32\cmd.exe C:\Windows\bnhrmcogujfqrahf.exe
PID 2368 wrote to memory of 2676 N/A C:\Windows\system32\cmd.exe C:\Windows\crobzshctlkycoyzbxg.exe
PID 2368 wrote to memory of 2676 N/A C:\Windows\system32\cmd.exe C:\Windows\crobzshctlkycoyzbxg.exe
PID 2368 wrote to memory of 2676 N/A C:\Windows\system32\cmd.exe C:\Windows\crobzshctlkycoyzbxg.exe
PID 5948 wrote to memory of 1092 N/A C:\Windows\system32\cmd.exe C:\Windows\pfdrqkawohhwbozbeblb.exe
PID 5948 wrote to memory of 1092 N/A C:\Windows\system32\cmd.exe C:\Windows\pfdrqkawohhwbozbeblb.exe
PID 5948 wrote to memory of 1092 N/A C:\Windows\system32\cmd.exe C:\Windows\pfdrqkawohhwbozbeblb.exe
PID 2676 wrote to memory of 3944 N/A C:\Windows\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 2676 wrote to memory of 3944 N/A C:\Windows\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 2676 wrote to memory of 3944 N/A C:\Windows\crobzshctlkycoyzbxg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 1092 wrote to memory of 3120 N/A C:\Windows\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 1092 wrote to memory of 3120 N/A C:\Windows\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 1092 wrote to memory of 3120 N/A C:\Windows\pfdrqkawohhwbozbeblb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 884 wrote to memory of 5772 N/A C:\Windows\system32\cmd.exe C:\Windows\crobzshctlkycoyzbxg.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\efonx.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe"

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b83fcfe1963876af901a35e7f36a53a0.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe .

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rfbnkcqkarpcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."

C:\Users\Admin\AppData\Local\Temp\efonx.exe

"C:\Users\Admin\AppData\Local\Temp\efonx.exe" "-C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe"

C:\Users\Admin\AppData\Local\Temp\efonx.exe

"C:\Users\Admin\AppData\Local\Temp\efonx.exe" "-C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe .

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\rfbnkcqkarpcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\rfbnkcqkarpcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe .

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\rfbnkcqkarpcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\rfbnkcqkarpcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe .

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rfbnkcqkarpcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe .

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\bnhrmcogujfqrahf.exe*."

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe .

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\bnhrmcogujfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\rfbnkcqkarpcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\bnhrmcogujfqrahf.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rfbnkcqkarpcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjzpdvsfyxknyhhidl.exe

C:\Windows\rjzpdvsfyxknyhhidl.exe

rjzpdvsfyxknyhhidl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izodqhdphfrtdlkke.exe .

C:\Windows\izodqhdphfrtdlkke.exe

izodqhdphfrtdlkke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brftfvqbspabkrpo.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\izodqhdphfrtdlkke.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izodqhdphfrtdlkke.exe .

C:\Windows\brftfvqbspabkrpo.exe

brftfvqbspabkrpo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe .

C:\Windows\izodqhdphfrtdlkke.exe

izodqhdphfrtdlkke.exe .

C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe

C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe

C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\izodqhdphfrtdlkke.exe*."

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\cvmdsljxrrfjvfgieng.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjzpdvsfyxknyhhidl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe .

C:\Users\Admin\AppData\Local\Temp\rjzpdvsfyxknyhhidl.exe

C:\Users\Admin\AppData\Local\Temp\rjzpdvsfyxknyhhidl.exe

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe .

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe

C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\bnhrmcogujfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\cvmdsljxrrfjvfgieng.exe*."

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\bnhrmcogujfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rfbnkcqkarpcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brftfvqbspabkrpo.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Windows\brftfvqbspabkrpo.exe

brftfvqbspabkrpo.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjbtjdcrmnchufhkhrld.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\pjbtjdcrmnchufhkhrld.exe

pjbtjdcrmnchufhkhrld.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjbtjdcrmnchufhkhrld.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pjbtjdcrmnchufhkhrld.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izodqhdphfrtdlkke.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\pjbtjdcrmnchufhkhrld.exe

pjbtjdcrmnchufhkhrld.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe

C:\Windows\izodqhdphfrtdlkke.exe

izodqhdphfrtdlkke.exe .

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe

C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\izodqhdphfrtdlkke.exe*."

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe

C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjbtjdcrmnchufhkhrld.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\cvmdsljxrrfjvfgieng.exe*."

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\pjbtjdcrmnchufhkhrld.exe

C:\Users\Admin\AppData\Local\Temp\pjbtjdcrmnchufhkhrld.exe

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe

C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe .

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\izodqhdphfrtdlkke.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\rfbnkcqkarpcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe .

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rfbnkcqkarpcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\bnhrmcogujfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\rfbnkcqkarpcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe .

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rfbnkcqkarpcfqzzav.exe*."

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\bnhrmcogujfqrahf.exe*."

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brftfvqbspabkrpo.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe .

C:\Windows\brftfvqbspabkrpo.exe

brftfvqbspabkrpo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjzpdvsfyxknyhhidl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\bnhrmcogujfqrahf.exe*."

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\rjzpdvsfyxknyhhidl.exe

rjzpdvsfyxknyhhidl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjbtjdcrmnchufhkhrld.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjbtjdcrmnchufhkhrld.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rjzpdvsfyxknyhhidl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Windows\pjbtjdcrmnchufhkhrld.exe

pjbtjdcrmnchufhkhrld.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Windows\pjbtjdcrmnchufhkhrld.exe

pjbtjdcrmnchufhkhrld.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe .

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe

C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pjbtjdcrmnchufhkhrld.exe*."

C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe

C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjzpdvsfyxknyhhidl.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\rfbnkcqkarpcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\brftfvqbspabkrpo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe .

C:\Users\Admin\AppData\Local\Temp\rjzpdvsfyxknyhhidl.exe

C:\Users\Admin\AppData\Local\Temp\rjzpdvsfyxknyhhidl.exe

C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe

C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\cvmdsljxrrfjvfgieng.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rfbnkcqkarpcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\rfbnkcqkarpcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\rfbnkcqkarpcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rfbnkcqkarpcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rfbnkcqkarpcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\crobzshctlkycoyzbxg.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\rfbnkcqkarpcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe .

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rfbnkcqkarpcfqzzav.exe*."

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjbtjdcrmnchufhkhrld.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\pjbtjdcrmnchufhkhrld.exe

pjbtjdcrmnchufhkhrld.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjzpdvsfyxknyhhidl.exe .

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe

C:\Windows\rjzpdvsfyxknyhhidl.exe

rjzpdvsfyxknyhhidl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brftfvqbspabkrpo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rjzpdvsfyxknyhhidl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvmdsljxrrfjvfgieng.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjbtjdcrmnchufhkhrld.exe .

C:\Windows\brftfvqbspabkrpo.exe

brftfvqbspabkrpo.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\cvmdsljxrrfjvfgieng.exe

cvmdsljxrrfjvfgieng.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe

C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe

C:\Users\Admin\AppData\Local\Temp\pjbtjdcrmnchufhkhrld.exe

C:\Users\Admin\AppData\Local\Temp\pjbtjdcrmnchufhkhrld.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\cvmdsljxrrfjvfgieng.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pjbtjdcrmnchufhkhrld.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\rfbnkcqkarpcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe

C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe .

C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe

C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\izodqhdphfrtdlkke.exe*."

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rfbnkcqkarpcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\rfbnkcqkarpcfqzzav.exe

rfbnkcqkarpcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe

C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\bnhrmcogujfqrahf.exe*."

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Windows\crobzshctlkycoyzbxg.exe

crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .

C:\Windows\ivqbxobujzwikucbb.exe

ivqbxobujzwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."

C:\Windows\bnhrmcogujfqrahf.exe

bnhrmcogujfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe

C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\crobzshctlkycoyzbxg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe

C:\Windows\evujjevslfgwcqcfjhsji.exe

evujjevslfgwcqcfjhsji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .

C:\Windows\pfdrqkawohhwbozbeblb.exe

pfdrqkawohhwbozbeblb.exe .

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Users\Admin\AppData\Local\Temp\ejmpq.exe

"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."

Network

Country Destination Domain Proto
GB 88.221.135.1:443 www.bing.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.46:80 www.youtube.com tcp
BG 95.111.19.54:34811 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 wylmrwfhh.info udp
US 8.8.8.8:53 zctequzmf.com udp
US 8.8.8.8:53 ikwvxmhbrc.net udp
US 8.8.8.8:53 qhnjfjqvjl.info udp
US 8.8.8.8:53 kygguisgwo.org udp
US 8.8.8.8:53 ikdddwcqrob.net udp
US 8.8.8.8:53 kihxpkbibblm.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 gonvkllx.net udp
US 8.8.8.8:53 oivalct.info udp
US 8.8.8.8:53 ogeiwogiyu.com udp
US 8.8.8.8:53 hwaxuahvrr.info udp
US 8.8.8.8:53 qacdjweqga.info udp
US 8.8.8.8:53 stfowezoo.info udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 cmweoc.com udp
US 8.8.8.8:53 kqqwgsyu.org udp
US 8.8.8.8:53 cnnsewqe.net udp
US 8.8.8.8:53 yteelqjn.info udp
US 8.8.8.8:53 gmpypkucn.info udp
US 8.8.8.8:53 pydvbqzkd.net udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 dhvieehgs.com udp
US 8.8.8.8:53 wwrklqg.net udp
US 8.8.8.8:53 hrhjncmcbd.info udp
US 8.8.8.8:53 ackiyqwayk.com udp
US 8.8.8.8:53 eyrmfybkp.net udp
US 8.8.8.8:53 adxqrqbaruj.net udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 gmysmygm.com udp
US 8.8.8.8:53 oxrbvmhkyif.info udp
US 8.8.8.8:53 jadglz.net udp
US 8.8.8.8:53 gkaoord.net udp
US 8.8.8.8:53 rwqutp.net udp
US 8.8.8.8:53 hkoubf.info udp
US 8.8.8.8:53 bjswax.net udp
US 8.8.8.8:53 hwokhkxqd.net udp
US 8.8.8.8:53 ygywkcaecg.com udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 rnrytxjuysf.net udp
US 8.8.8.8:53 popodd.info udp
US 8.8.8.8:53 rffzvqccglsz.info udp
US 8.8.8.8:53 aavuzhdsr.net udp
US 8.8.8.8:53 aqrcraf.net udp
US 8.8.8.8:53 pnjoxjy.info udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 uvbupon.net udp
US 8.8.8.8:53 olbnjifd.info udp
US 8.8.8.8:53 dnfjafzmzb.net udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 eyvwfbpzvkf.net udp
US 8.8.8.8:53 rwpqeuborcn.net udp
US 8.8.8.8:53 nqzofbfmvolt.info udp
US 8.8.8.8:53 oqptmlsphxqt.info udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 vstpwq.net udp
US 8.8.8.8:53 xnhiocr.net udp
US 8.8.8.8:53 zaohxqxdzcfk.info udp
US 8.8.8.8:53 rsxxaj.net udp
US 94.72.119.132:20764 tcp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 wuhsium.net udp
US 8.8.8.8:53 skyueymm.com udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 gggjqfvyezn.net udp
US 8.8.8.8:53 tqlednzwr.com udp
US 8.8.8.8:53 xqiyclldry.info udp
US 8.8.8.8:53 npktvj.net udp
US 8.8.8.8:53 owpueefbb.net udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 bipozo.net udp
US 8.8.8.8:53 cmhjebvakrpv.info udp
US 8.8.8.8:53 kowxbyfnq.net udp
US 8.8.8.8:53 yognduz.net udp
US 8.8.8.8:53 bvjgxcelqp.net udp
US 8.8.8.8:53 vcjcrgw.com udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 mhbahanmg.net udp
US 8.8.8.8:53 eeooeaciququ.org udp
US 8.8.8.8:53 zbvcyqvljkp.com udp
US 8.8.8.8:53 kvaxyfbqhst.info udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 imrtpvapmj.net udp
US 8.8.8.8:53 noxycgxidn.net udp
US 8.8.8.8:53 lqcnwysgnc.info udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 auwqsu.com udp
US 8.8.8.8:53 miocosqaqaye.com udp
US 8.8.8.8:53 msqsaa.org udp
US 8.8.8.8:53 avmgry.info udp
US 8.8.8.8:53 fmrisyv.com udp
US 8.8.8.8:53 mpdcbwsgxij.info udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 vwdifmr.org udp
MK 109.69.42.241:38744 tcp
US 8.8.8.8:53 qsojliqo.info udp
US 8.8.8.8:53 lktkosl.org udp
US 8.8.8.8:53 iznvzhbkb.net udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 dixmnywqcy.net udp
US 8.8.8.8:53 nmxdzhjlohzy.net udp
US 8.8.8.8:53 spksmrbsbrfg.info udp
US 8.8.8.8:53 eucyaokqsu.org udp
US 8.8.8.8:53 zchodaynl.com udp
US 8.8.8.8:53 hazqnswy.net udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 liuoagvdnqx.org udp
US 8.8.8.8:53 kpagtitvmd.net udp
US 8.8.8.8:53 hzfpvb.net udp
US 8.8.8.8:53 esmecmowseuw.org udp
US 8.8.8.8:53 jmbvhqpou.info udp
US 8.8.8.8:53 hbfzssslye.net udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 qlqufaxrp.info udp
US 8.8.8.8:53 tqzealdxyu.info udp
US 8.8.8.8:53 ucqscoqfpwp.net udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 ucnhfst.info udp
US 8.8.8.8:53 sayavg.net udp
US 8.8.8.8:53 kjketpdtyp.info udp
US 8.8.8.8:53 gpnknjk.net udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 ydjjugxevlu.info udp
US 8.8.8.8:53 osukqa.com udp
US 8.8.8.8:53 qsiera.net udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 vqiiizc.net udp
US 8.8.8.8:53 lbvvdbvivlbu.net udp
US 8.8.8.8:53 lnsgvrulpx.net udp
US 8.8.8.8:53 avksjqlsfhbo.net udp
US 8.8.8.8:53 hcdinci.info udp
US 8.8.8.8:53 wyfwzoees.info udp
US 8.8.8.8:53 cflvjlfpzsxh.net udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 fubbhwv.com udp
US 8.8.8.8:53 ykvdsjjnzm.net udp
US 8.8.8.8:53 wcnhfcro.info udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 fbxfrmymlv.info udp
US 8.8.8.8:53 txypfbmdkt.net udp
US 8.8.8.8:53 nlhtrrgkfivs.info udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 nalmtvn.com udp
US 8.8.8.8:53 zqfvuquiecp.net udp
US 8.8.8.8:53 nrymsoxjx.com udp
RU 188.16.156.230:36160 tcp
US 8.8.8.8:53 ykpbvqhie.net udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 dubqfwp.info udp
US 8.8.8.8:53 uklzvesgd.info udp
US 8.8.8.8:53 zvxcgkwzpuky.net udp
US 8.8.8.8:53 lerixywie.net udp
US 8.8.8.8:53 edityjhm.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 bbvtctvcwlbd.net udp
US 8.8.8.8:53 zbjmyd.info udp
US 8.8.8.8:53 ehridwhke.net udp
US 8.8.8.8:53 acrmngx.net udp
US 8.8.8.8:53 vouhhjys.net udp
US 8.8.8.8:53 uchajubky.net udp
US 8.8.8.8:53 cebafdz.info udp
US 8.8.8.8:53 yogifymsp.net udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 lfdgbcvbbat.net udp
US 8.8.8.8:53 jqpulom.org udp
US 8.8.8.8:53 fotlfadh.net udp
US 8.8.8.8:53 nobwkgf.org udp
US 8.8.8.8:53 knulscbiaqmm.info udp
US 8.8.8.8:53 ycuugoigqk.org udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 eljlorggpu.info udp
US 8.8.8.8:53 nqcsprfy.info udp
US 8.8.8.8:53 prtmnvcmb.info udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 ejtqxdpbdl.info udp
US 8.8.8.8:53 pujgluj.net udp
US 8.8.8.8:53 qadyus.info udp
US 8.8.8.8:53 isrpunlh.info udp
US 8.8.8.8:53 umleux.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 fkuetedvn.info udp
US 8.8.8.8:53 gtjzxctvzxse.net udp
US 8.8.8.8:53 xkjcpun.com udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 oetoceaydhk.info udp
US 8.8.8.8:53 lxliptd.net udp
US 8.8.8.8:53 cydchkeef.net udp
US 8.8.8.8:53 ocbitshcm.net udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 qinbqci.net udp
US 8.8.8.8:53 hgrodml.net udp
US 8.8.8.8:53 pawhhgkpec.net udp
US 8.8.8.8:53 bfxhcqvc.info udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 adhbceiz.info udp
US 8.8.8.8:53 tsdinuhj.net udp
US 8.8.8.8:53 farwdwuan.com udp
US 8.8.8.8:53 gpvbrbuyhtnr.net udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 mcfvcxtifu.net udp
US 8.8.8.8:53 weocqw.org udp
US 8.8.8.8:53 refxhuq.com udp
US 8.8.8.8:53 uwtezdh.net udp
US 8.8.8.8:53 emthorn.info udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 xjjslzzs.net udp
US 8.8.8.8:53 hktelatn.info udp
US 8.8.8.8:53 mwsjlip.net udp
US 8.8.8.8:53 swdrcwvizldl.info udp
US 8.8.8.8:53 pjbjpbpnjbzl.net udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 lblmsrb.info udp
LT 78.60.150.155:29552 tcp
US 8.8.8.8:53 fmhclkf.org udp
US 8.8.8.8:53 kmggkm.com udp
US 8.8.8.8:53 dxwyprbedifi.info udp
US 8.8.8.8:53 uwksggaa.com udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 kalxxxy.info udp
US 8.8.8.8:53 kmdcogd.net udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 oqrixbdus.info udp
US 8.8.8.8:53 thciuolpzs.info udp
US 8.8.8.8:53 umomycgomm.org udp
US 8.8.8.8:53 dozprwxhn.info udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 ghpvqgnekiva.net udp
US 8.8.8.8:53 wiigigciow.org udp
US 8.8.8.8:53 zgrktvn.net udp
US 8.8.8.8:53 dgzwrnhx.net udp
US 8.8.8.8:53 ngcdlyb.com udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 uipwfotwwgh.info udp
US 8.8.8.8:53 jszocat.info udp
US 8.8.8.8:53 kiyamcwk.org udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 dkeytodxib.info udp
US 8.8.8.8:53 ljgrjd.net udp
US 8.8.8.8:53 dqeavwtqh.org udp
US 8.8.8.8:53 dclpbldan.com udp
US 8.8.8.8:53 nyrwceu.com udp
US 8.8.8.8:53 idydxbdftv.net udp
US 8.8.8.8:53 smtrhmvcjsn.info udp
US 8.8.8.8:53 krjcqhgq.info udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 jstudmzuw.com udp
US 8.8.8.8:53 vcdgmfbhdvxk.info udp
US 8.8.8.8:53 mameuismkegw.com udp
US 8.8.8.8:53 mgqxjvziht.net udp
US 8.8.8.8:53 oqpxvoxqrhm.info udp
US 8.8.8.8:53 oswngjpzxc.net udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 gzjbpr.info udp
US 8.8.8.8:53 waymgbtcdefc.net udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 zorntseq.net udp
LV 83.99.145.208:23448 tcp
US 8.8.8.8:53 fzijwkb.com udp
US 8.8.8.8:53 uttglmlt.info udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp
US 8.8.8.8:53 aclqrivmz.net udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 cqlubjxyolz.info udp
US 8.8.8.8:53 lirbebdaicd.net udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 bkakabfa.info udp
US 8.8.8.8:53 mazrfaywiwo.net udp
US 8.8.8.8:53 oaeaioagco.org udp
US 8.8.8.8:53 xsggtwkr.info udp
US 8.8.8.8:53 xhtuboo.info udp
US 8.8.8.8:53 bhzwpwzaxcv.com udp
US 8.8.8.8:53 dwwicmb.com udp
US 8.8.8.8:53 bepuloo.info udp
US 8.8.8.8:53 bsftrvt.info udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 edayrzdfrr.net udp
US 8.8.8.8:53 aslfiwth.info udp
US 8.8.8.8:53 fsnmfmh.net udp
US 8.8.8.8:53 mekykueiki.org udp
US 8.8.8.8:53 gswigkqoqsog.com udp
US 8.8.8.8:53 fsyczawoha.info udp
MD 109.185.185.135:18405 tcp
US 8.8.8.8:53 ucxwdytcd.info udp
US 8.8.8.8:53 yhizzf.info udp
US 8.8.8.8:53 tvbemh.info udp
US 8.8.8.8:53 mxhrvdes.net udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 kefsbuv.info udp
US 8.8.8.8:53 bexazkfcv.com udp
US 8.8.8.8:53 myoqmwyg.org udp
US 8.8.8.8:53 hsdcvazmm.com udp
US 8.8.8.8:53 ipqvmtco.info udp
US 8.8.8.8:53 evlrvbtwnx.info udp
US 8.8.8.8:53 yeckikkg.org udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 ldngutyf.net udp
US 8.8.8.8:53 iqqmntqo.info udp
US 8.8.8.8:53 lezugz.net udp
US 8.8.8.8:53 votebrqf.info udp
US 8.8.8.8:53 odnomz.info udp
US 8.8.8.8:53 dtzuyyfj.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 lmwqml.net udp
US 8.8.8.8:53 yiwehvmkztmx.net udp
US 8.8.8.8:53 qgggic.org udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 svfmjmbd.info udp
US 8.8.8.8:53 tuhabmafx.net udp
US 8.8.8.8:53 ekcswwmyowmg.com udp
US 8.8.8.8:53 gicioogy.org udp
US 8.8.8.8:53 kscyygay.net udp
US 8.8.8.8:53 weggcwuy.org udp
US 8.8.8.8:53 puyasczqors.org udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 lwrbughkb.com udp
US 8.8.8.8:53 cyymae.org udp
US 8.8.8.8:53 gohdjwfev.net udp
US 8.8.8.8:53 gowagmcugm.org udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 wzqwjrrjtkhn.net udp
US 8.8.8.8:53 egbmepl.info udp
US 8.8.8.8:53 twpqidezmmxp.net udp
US 8.8.8.8:53 qquutwuq.net udp
US 8.8.8.8:53 ywacgsioyick.org udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 nbyzpwr.org udp
US 8.8.8.8:53 mkxgjmvb.info udp
BG 94.236.213.98:23019 tcp
US 8.8.8.8:53 cmtcpwgbpyh.info udp
US 8.8.8.8:53 ygumvki.info udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 tsxkthcswux.net udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 bzvopdnkwu.info udp
US 8.8.8.8:53 petxzn.info udp
US 8.8.8.8:53 jvxpahugoute.net udp
US 8.8.8.8:53 syanhaaljvnf.net udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 lyfczxdnpdi.com udp
US 8.8.8.8:53 kgviietmped.info udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 iscskgew.org udp
US 8.8.8.8:53 wmgoaowo.org udp
US 8.8.8.8:53 cytcsplo.net udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 rmvwftcgb.com udp
US 8.8.8.8:53 cjcfxsyyo.info udp
US 8.8.8.8:53 trbwmceaweb.org udp
US 8.8.8.8:53 klhorgsi.net udp
US 8.8.8.8:53 nehoniv.org udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
LT 77.79.41.164:45448 tcp
US 8.8.8.8:53 zsptgrjgr.com udp
US 8.8.8.8:53 tgqnpbuc.net udp
US 8.8.8.8:53 bvnxdldcsos.org udp
US 8.8.8.8:53 myocawssawkq.com udp
US 8.8.8.8:53 kquowo.org udp
US 8.8.8.8:53 znnhkfgcwr.info udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 lulekbbwwkd.org udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 okxqyyxyxib.info udp
US 8.8.8.8:53 nmzywac.net udp
US 8.8.8.8:53 zlrptduwafvx.info udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 uwpwyylunmc.net udp
US 8.8.8.8:53 oixqtnait.info udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 giyiyggm.com udp
US 8.8.8.8:53 lwhixbfia.info udp
US 8.8.8.8:53 ztvazalg.net udp
US 8.8.8.8:53 dhccxev.info udp
US 8.8.8.8:53 anvrzosatkj.net udp
US 8.8.8.8:53 odoqzijhsjjo.net udp
US 8.8.8.8:53 vsmjkyzlx.net udp
US 8.8.8.8:53 eoqaqh.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 sjrfbwt.info udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 rcprqub.info udp
LT 89.117.247.62:42576 tcp
US 8.8.8.8:53 njzbxcpyipso.info udp
US 8.8.8.8:53 qczdtuz.info udp
US 8.8.8.8:53 vtsasbwn.net udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 ratcteved.net udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 occgiq.org udp
US 8.8.8.8:53 lqhqpzqaa.org udp
US 8.8.8.8:53 qsjlxj.info udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 fxagdqp.org udp
US 8.8.8.8:53 btzcbg.net udp
US 8.8.8.8:53 dzjuknfmpfff.info udp
US 8.8.8.8:53 jodwziduxgq.com udp
US 8.8.8.8:53 zrjyocdjxbtq.info udp
US 8.8.8.8:53 dwfmaujup.net udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 bjzmpkedyg.info udp
US 8.8.8.8:53 sooaksiieays.org udp
US 8.8.8.8:53 uytqxqlb.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 cecwqigogcwm.com udp
US 8.8.8.8:53 fuuqxczcznz.org udp
US 8.8.8.8:53 xklzcflmd.net udp
US 8.8.8.8:53 tstplevza.net udp
US 8.8.8.8:53 nsivlp.info udp
US 8.8.8.8:53 oieuacceicwa.org udp
US 8.8.8.8:53 dgptjtszgbxw.net udp
US 8.8.8.8:53 nsjnpn.net udp
BG 212.75.11.123:27967 tcp
US 8.8.8.8:53 egchvclk.net udp
US 8.8.8.8:53 xgrofw.info udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 ttialuukmuy.com udp
US 8.8.8.8:53 xevylidk.info udp
US 8.8.8.8:53 xejvnaebz.org udp
US 8.8.8.8:53 eaaktqnrxm.info udp
US 8.8.8.8:53 nfgcffubjh.info udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 jalaqsxytfr.info udp
US 8.8.8.8:53 bqpqgcyybju.com udp
US 8.8.8.8:53 jwpkbnsvd.net udp
US 8.8.8.8:53 zdbnui.net udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 ecmwcwcu.com udp
US 8.8.8.8:53 usqqaomaaw.org udp
US 8.8.8.8:53 rczlhprxbppm.info udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 ytfwcb.net udp
US 8.8.8.8:53 bxyort.net udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 pqbnjajavbh.info udp
US 8.8.8.8:53 oqljttdvdqd.info udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 hsqpiwhyelwv.info udp
US 8.8.8.8:53 tyjejomvm.info udp
US 8.8.8.8:53 zwnunufgdwb.com udp
US 8.8.8.8:53 yazmlkomykl.net udp
US 8.8.8.8:53 btwbbgnh.info udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 ckqyecwagqok.org udp
US 8.8.8.8:53 yuigqwammc.com udp
US 8.8.8.8:53 mguelxzbjp.net udp
US 8.8.8.8:53 dwprrqgfqimo.net udp
US 8.8.8.8:53 aypypzbihi.net udp
US 8.8.8.8:53 gbfqqfqcryz.net udp
US 8.8.8.8:53 wleugapofp.net udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 kxwcjgocd.net udp
US 8.8.8.8:53 eoamyu.org udp
US 8.8.8.8:53 xqlaeyt.org udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 ezdqqbv.net udp
US 8.8.8.8:53 okuswg.org udp
US 8.8.8.8:53 dgvnypbsz.net udp
US 8.8.8.8:53 rarogmgml.com udp
US 8.8.8.8:53 usbbkfroyufk.net udp
US 8.8.8.8:53 odtvtadoptzt.info udp
BG 212.104.118.242:26835 tcp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 fkvylsguoan.info udp
US 8.8.8.8:53 ihkxruu.net udp
US 8.8.8.8:53 zianfzsh.info udp
US 8.8.8.8:53 itxqjpkcbqfn.net udp
US 8.8.8.8:53 jbwrojmvxi.net udp
US 8.8.8.8:53 lmvxpezwq.net udp
US 8.8.8.8:53 eglzww.info udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 smssik.com udp
US 8.8.8.8:53 liyblmrbl.com udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 mmrelxp.net udp
US 8.8.8.8:53 mhzvjdntnn.info udp
US 8.8.8.8:53 huuykmy.net udp
US 8.8.8.8:53 fvtkrqkxh.info udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 pfjwsabwxf.net udp
US 8.8.8.8:53 eimmgikc.org udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 gryvxxq.net udp
US 8.8.8.8:53 vdzoiea.info udp
US 8.8.8.8:53 juwjci.info udp
US 8.8.8.8:53 iuflcspyn.info udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 nowvyjklfg.info udp
US 8.8.8.8:53 szfzta.info udp
US 8.8.8.8:53 bzrxhobotgb.org udp
US 8.8.8.8:53 saajdqygl.info udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 ywpyuxnpz.net udp
US 8.8.8.8:53 evgyifwkl.net udp
US 8.8.8.8:53 aqdhtlqcrv.info udp
US 8.8.8.8:53 vyvijbihvn.info udp
SA 87.120.170.183:19791 tcp
US 8.8.8.8:53 xvyvvj.net udp
US 8.8.8.8:53 rrwwwwrffqp.info udp
US 8.8.8.8:53 rixfjt.net udp
US 8.8.8.8:53 seimuaqoaqqq.org udp
US 8.8.8.8:53 barnpku.org udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 jrvwcasfvg.info udp
US 8.8.8.8:53 ousacquu.org udp
US 8.8.8.8:53 wmecyk.org udp
US 8.8.8.8:53 hozwjx.info udp
US 8.8.8.8:53 omapaz.net udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 pkkcnhpccgh.com udp
US 8.8.8.8:53 xihshiemugv.com udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 qivshza.net udp
US 8.8.8.8:53 repoiapo.info udp
US 8.8.8.8:53 zlpwyxtkmm.net udp
US 8.8.8.8:53 caoimggiuico.com udp
US 8.8.8.8:53 pcblbg.info udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 yyfxtfqyx.info udp
US 8.8.8.8:53 ckwycauo.org udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 vcboostd.net udp
US 8.8.8.8:53 emookwkcagym.com udp
US 8.8.8.8:53 dalmnvkkntf.info udp
US 8.8.8.8:53 dfpghkb.com udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 eutomkuvg.net udp
US 8.8.8.8:53 ewjkbkfejmf.net udp
US 8.8.8.8:53 tajluerio.info udp
US 8.8.8.8:53 mcptdvvp.info udp
US 8.8.8.8:53 hytuaktotgt.com udp
US 8.8.8.8:53 tgndvkxmj.net udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 uokagugw.com udp
US 8.8.8.8:53 sqekqkamck.com udp
US 8.8.8.8:53 sqtsjvlbf.info udp
US 8.8.8.8:53 gmvvmsn.net udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 omysbfkkxol.info udp
US 8.8.8.8:53 ginjfis.net udp
US 8.8.8.8:53 npskrwuzpn.net udp
US 8.8.8.8:53 awaoukms.com udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 fusrtuevxut.com udp
US 8.8.8.8:53 kiygoqmkqiee.com udp
US 8.8.8.8:53 onqenwgbgjkq.info udp
GB 86.135.21.64:15538 tcp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 aoowaqcwaw.org udp
US 8.8.8.8:53 tbyhqbye.net udp
US 8.8.8.8:53 dbduvirmu.net udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 nlbankm.org udp
US 8.8.8.8:53 intledvz.info udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 sekscaqwmaea.com udp
US 8.8.8.8:53 rvhukprknerl.net udp
US 8.8.8.8:53 tfucfbbwq.info udp
US 8.8.8.8:53 sozulgtvc.info udp
US 8.8.8.8:53 zogozuio.net udp
US 8.8.8.8:53 nzostdtlp.net udp
US 8.8.8.8:53 jwnqayxz.info udp
US 8.8.8.8:53 lkxytgsxz.info udp
US 8.8.8.8:53 iyhwzj.info udp
US 8.8.8.8:53 lrpembevxq.info udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 esnwveh.info udp
US 8.8.8.8:53 knxkdweuub.net udp
US 8.8.8.8:53 lvjjehil.net udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 oucwokucauei.org udp
US 8.8.8.8:53 czcpzygn.net udp
US 8.8.8.8:53 zkdcbad.net udp
US 8.8.8.8:53 tigigklbvym.info udp
US 8.8.8.8:53 dccasfsyu.com udp
US 8.8.8.8:53 vqigtwn.com udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 wqqczmkqawns.net udp
US 8.8.8.8:53 dgvffz.net udp
US 8.8.8.8:53 zhaieayynu.info udp
US 8.8.8.8:53 wqgikeikmygs.org udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 gdnbriimynhc.info udp
US 8.8.8.8:53 fnzwwxmvpa.info udp
US 8.8.8.8:53 lnanjh.info udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 fgecrkxyb.com udp
US 8.8.8.8:53 wbpgaboumqt.net udp
US 8.8.8.8:53 emesyy.org udp
US 8.8.8.8:53 jdfdiamaukju.net udp
US 8.8.8.8:53 lgzzweqbfvch.net udp
US 8.8.8.8:53 narxtsr.org udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 sgmmqy.com udp
US 8.8.8.8:53 wiymyyywa.info udp
BG 93.155.217.237:39355 tcp
US 8.8.8.8:53 aksyokqkcukm.org udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 yofczkhqpms.info udp
US 8.8.8.8:53 pylijvdtvr.info udp
US 8.8.8.8:53 vwsoggmynqh.org udp
US 8.8.8.8:53 gypjrqs.info udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 aoykmoiwmg.org udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 fkxprtliq.net udp
US 8.8.8.8:53 eweeusmy.org udp
US 8.8.8.8:53 tfrwxxxm.net udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 ldzostsqzdog.net udp
US 8.8.8.8:53 yaommo.com udp
US 8.8.8.8:53 fxjefaz.org udp
US 8.8.8.8:53 edrmpnf.info udp
US 8.8.8.8:53 asigxmqnxub.net udp
US 8.8.8.8:53 gesgcqqecmok.org udp
US 8.8.8.8:53 rendhgjruhhx.net udp
US 8.8.8.8:53 txnmzxyojus.org udp
US 8.8.8.8:53 yylwfqj.info udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 lqhvxuz.com udp
US 8.8.8.8:53 fdzeikjmpo.info udp
US 8.8.8.8:53 datsiikuj.net udp
US 8.8.8.8:53 eeuouoayeo.com udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 yrezbz.info udp
US 8.8.8.8:53 ibjspd.info udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 fafavuuyo.net udp
US 8.8.8.8:53 yyhqkmcfww.net udp
US 8.8.8.8:53 oawtzmb.info udp
US 8.8.8.8:53 yseyum.org udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 wbbhrvgrqu.net udp
US 8.8.8.8:53 vpzdgzv.net udp
US 8.8.8.8:53 dmbknysgg.org udp
US 8.8.8.8:53 ykcemikgka.com udp
US 8.8.8.8:53 pcfndjsn.net udp
US 8.8.8.8:53 suquyoyooksm.com udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 rprmetxk.net udp
US 8.8.8.8:53 howjocnb.net udp
US 8.8.8.8:53 uybazwfqrxr.info udp
US 8.8.8.8:53 xmzgfbbwwpo.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 ygimca.com udp
US 8.8.8.8:53 qwzqzciqb.net udp
US 8.8.8.8:53 tzgazufkh.com udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 xribplzk.info udp
US 8.8.8.8:53 aeleuofmvly.info udp
CY 62.228.214.77:22068 tcp
US 8.8.8.8:53 mchczirymvk.info udp
US 8.8.8.8:53 lvmzao.info udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 fdchrb.info udp
US 8.8.8.8:53 nltbtkzpuqh.org udp
US 8.8.8.8:53 gefqupovtspz.info udp
US 8.8.8.8:53 nwjezix.net udp
US 8.8.8.8:53 nhvqqzjcbtb.net udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 uaqoco.org udp
US 8.8.8.8:53 mobsolfrxym.info udp
US 8.8.8.8:53 rammtman.net udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 vgqgbvv.com udp
US 8.8.8.8:53 sxbnmf.info udp
US 8.8.8.8:53 osqmiw.com udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 ukuqiioq.com udp
US 8.8.8.8:53 eubktu.info udp
US 8.8.8.8:53 xkbinqlub.org udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 hxhjhg.net udp
US 8.8.8.8:53 txnrsljc.info udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 gqfecw.net udp
US 8.8.8.8:53 vmzkhybal.com udp
US 8.8.8.8:53 tnqeljbmaodb.info udp
US 8.8.8.8:53 rwjurhh.org udp
US 8.8.8.8:53 lhunovnibe.net udp
US 8.8.8.8:53 mewqbgtuhpjh.net udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 vquohwhgxy.info udp
US 8.8.8.8:53 qghndknkfib.info udp
US 8.8.8.8:53 vhslbqdz.net udp
US 8.8.8.8:53 fkykpg.net udp
US 8.8.8.8:53 tobtjoud.info udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 wtzhqtiukizg.net udp
DE 89.116.169.141:30356 tcp
US 8.8.8.8:53 rahjdfquyme.org udp
US 8.8.8.8:53 twzaiw.net udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 ttnjrhs.net udp
US 8.8.8.8:53 ycvaibx.net udp
US 8.8.8.8:53 xmiajclfh.info udp
US 8.8.8.8:53 yhhoqkjyjp.net udp
US 8.8.8.8:53 ypnmaeey.info udp
US 8.8.8.8:53 dffyyghnym.net udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 koccycoymg.org udp
US 8.8.8.8:53 dwsgoqw.net udp
US 8.8.8.8:53 tqqxed.info udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 rwkchlj.org udp
US 8.8.8.8:53 okyzsos.net udp
US 8.8.8.8:53 rtefhvtfbb.info udp
US 8.8.8.8:53 tyozuvasqmyo.info udp
US 8.8.8.8:53 oagghmwo.net udp
US 8.8.8.8:53 rohkraa.info udp
US 8.8.8.8:53 csmakzbues.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 qdiztg.info udp
US 8.8.8.8:53 pvimfgudss.net udp
US 8.8.8.8:53 aktlhxthivik.net udp
US 8.8.8.8:53 ezzkvthr.info udp
US 8.8.8.8:53 jklsrlrkj.org udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 wkvlfnitsmxn.net udp
US 8.8.8.8:53 nbdnby.net udp
US 8.8.8.8:53 kgwcqccfctor.info udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 yxrtyvnynrzx.info udp
US 8.8.8.8:53 ysvsimnvff.info udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 aycslmxgr.info udp
US 8.8.8.8:53 zyjnoachwtrr.info udp
US 8.8.8.8:53 tuhvrdel.info udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 cwegwg.org udp
GB 89.191.127.123:33171 tcp
US 8.8.8.8:53 zarxuu.net udp
US 8.8.8.8:53 loewnsai.net udp
US 8.8.8.8:53 ekvojwletyz.info udp
US 8.8.8.8:53 zifnnb.net udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 slpudjztvg.net udp
US 8.8.8.8:53 qapivof.net udp
US 8.8.8.8:53 oozifimaf.net udp
US 8.8.8.8:53 fcxgdsz.com udp
US 8.8.8.8:53 idtkeovub.net udp
US 8.8.8.8:53 ymhqxkvcn.info udp
US 8.8.8.8:53 jbacuchohmfp.net udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 hujffpkzw.org udp
US 8.8.8.8:53 dgozcitgrac.net udp
US 8.8.8.8:53 wuffxwlb.info udp
US 8.8.8.8:53 yybufaegqcc.net udp
US 8.8.8.8:53 ettbde.info udp
US 8.8.8.8:53 mkkaokck.org udp
US 8.8.8.8:53 osnkmof.info udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 hzolpf.info udp
US 8.8.8.8:53 fjlsfmfzbonp.info udp
US 8.8.8.8:53 ykdtsg.net udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 xglgikk.org udp
US 8.8.8.8:53 ylcwflpnpxth.net udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 lyfqledmb.info udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 gakctwplrid.info udp
US 8.8.8.8:53 xwquhhxnlwta.info udp
US 8.8.8.8:53 vheeegzid.info udp
US 8.8.8.8:53 sktoxkjkiml.net udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 ttclarlnrf.info udp
US 8.8.8.8:53 xlzyqnqsby.info udp
US 8.8.8.8:53 uzvmajb.net udp
US 8.8.8.8:53 ahgrsi.info udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 xjlulezyn.net udp
US 8.8.8.8:53 srbwryub.net udp
US 8.8.8.8:53 lizvtrllzt.info udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 goxrbc.info udp
US 8.8.8.8:53 himwlg.info udp
US 8.8.8.8:53 behipkxybae.net udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 ztwhumzdp.net udp
US 8.8.8.8:53 xbpezstkdcv.org udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 bchttznyk.net udp
US 8.8.8.8:53 tufcunhxajif.info udp
US 8.8.8.8:53 pgacpb.info udp
US 8.8.8.8:53 bytavuir.info udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 qbzsfpvhbs.info udp
US 8.8.8.8:53 wqnjnqpbdz.info udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 jylokyhyjbp.info udp
US 8.8.8.8:53 xizlzkfxlcd.net udp
US 8.8.8.8:53 qwwqma.com udp
US 8.8.8.8:53 dctdrchij.com udp
US 8.8.8.8:53 bmzpxcmoz.com udp
US 8.8.8.8:53 sqvsvdlut.info udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 uohutebsbme.net udp
US 8.8.8.8:53 kmmaauko.org udp
US 8.8.8.8:53 runvkj.info udp
US 8.8.8.8:53 lawvohhxox.info udp
US 8.8.8.8:53 ewkqgywskasg.org udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 cqlovot.net udp
US 8.8.8.8:53 gafgtqtec.info udp
US 8.8.8.8:53 vmrzybdk.net udp
US 8.8.8.8:53 jsjoguiob.com udp
US 8.8.8.8:53 vgwgpmtyftv.info udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 vtamfyw.org udp
US 8.8.8.8:53 nqmijhobjitu.info udp
US 8.8.8.8:53 ofaqwp.net udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 vevivzpezoh.com udp
US 8.8.8.8:53 kthcsoxy.net udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 peviuijqt.com udp
US 8.8.8.8:53 lkvebr.info udp
US 8.8.8.8:53 dozxhutclyx.info udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 dwycjaevb.info udp
US 8.8.8.8:53 bhqndybxjor.net udp
US 8.8.8.8:53 dxvevsig.info udp
US 8.8.8.8:53 hpyynhszmwlk.info udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 xekakmbgxun.com udp
US 8.8.8.8:53 jdykvwei.info udp
US 8.8.8.8:53 dngcvhowlab.net udp
US 8.8.8.8:53 vbqpjmr.net udp
US 8.8.8.8:53 wjuotofii.info udp
US 8.8.8.8:53 muhthtzyzjny.info udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 xffxdlzetct.com udp
US 8.8.8.8:53 xabfkire.net udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 bdvjhsx.org udp
US 8.8.8.8:53 osbrtk.net udp
US 8.8.8.8:53 dyfwwcvgfft.org udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 fidkllj.net udp

Files

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

MD5 1dd5dd5561723f37ccc81e15ecdbf830
SHA1 eeb9131c8d276ceb710d163e89fdc62b3e111971
SHA256 c8c542ac3f6526d1501c2b9d6262bfa029a1ac0d9dd6b3c1965977abdd8bd126
SHA512 b4881d7cd0c2ceeba067e13d23763e739389108d1269acd6c343dd308aa1fedde89da696a8482944342f44ea1094ea6b50021a15d4c6d03762ba032a9598bba5

C:\Windows\SysWOW64\rfbnkcqkarpcfqzzav.exe

MD5 b83fcfe1963876af901a35e7f36a53a0
SHA1 3fb06cf673b7034254f4beae6b14e7122f82816f
SHA256 9aab7948f428921efcc735e88e5adad78ff27a73e6cb2d54d9cfddae3286cf22
SHA512 5b4a32891aed254617e48f92bf7003a68a1f377ae9b9a73ce7209ea98a389d39270ba311be1e21b6bb051bd51968f51bfdb6c73624f8000edb84c041ed5201e3

C:\Users\Admin\AppData\Local\Temp\efonx.exe

MD5 082a1feb8ae407e8bbb76d213e616038
SHA1 eeb91b6dcc33b2d9b0126a86535c5b34a38bd3bb
SHA256 fd7ca082fd1f46df4b0889cd44d5df7368656374dbbc4cf924f9234c7bc98e58
SHA512 52edcc65a3ae470b6f87e0a57c00cfbded08eff39836cfc7b334f6f6283a2e401018778743ffef4159b2f32171f2f3564404151e38b878538c781e96e74ffece

C:\Users\Admin\AppData\Local\vvdbkoouwzjixupbovppxveiio.tdc

MD5 9ed05e9cc778a857b905fc6f52a664ec
SHA1 5abb5545dbf65e717fa99b3ba95fb173b1c26c19
SHA256 5598fa00aba3376f05f8cf3b1499c975da65c41a9e688c38065e0ca64b8d2c29
SHA512 a4d8141e9b05090c47f524f67ba415d444e8d5ab632393f0095c41818e515f16065174abb1b103123c4e3a5f5cb6014ebf47007372a96407d2d3de7b4f5401e0

C:\Users\Admin\AppData\Local\whajdsduhvqaaioljbgrktncnerfakksyvtlq.udx

MD5 5ff48510b43f94c7da9fea97b15e3eb2
SHA1 b3dc5158f7d4de36f92c2289811d86ebda8e4e69
SHA256 225b0759c951c4a15e25b6013c9346bfa874cd78be32198d46918d9649511499
SHA512 9677341e8e9b0c76a8aacc83f94b329df79a3e27ef2d9f1b47a396ecc38870264667393d3e41db38f40fc20425e773dcd36697eb9725800b59f7dbf9d0311541

C:\Program Files (x86)\vvdbkoouwzjixupbovppxveiio.tdc

MD5 191d08fb0b64dfaa2064d58b92b9908b
SHA1 c9e3790aea029b65d3ebf9b1ff31e09958da56d7
SHA256 2c22de693e2f1c4e312dff1f443ccd7916bb27d7ed199194203ffdc896e36e25
SHA512 b66d7fca1f7bc710eedde5059c54404bfd8269ac6deb4916e0101b3a25b49b51d13b3d42706fb8ee2153015bce92dfd6bee12a2f641a062e7c176de587633507

C:\Program Files (x86)\vvdbkoouwzjixupbovppxveiio.tdc

MD5 0eeaf831d2254c1cb67b3a0ff7b99342
SHA1 593b71ea07839d6c5077ca0de7654d55e72ef0ef
SHA256 b0a55af599634e89bff8f0c39c867762a5ed9c9344cdab292bc1d498650531c3
SHA512 2ed09be05820f54de24fb63cd67d488f550e71a6941459108cc3add65faf547065ae1860da69cd38fa38e937fb0b4882ef6c2a0c509e66b06a96e227e9f95bab

C:\Program Files (x86)\vvdbkoouwzjixupbovppxveiio.tdc

MD5 06da01e51ddf19c3dd6098cb4e832111
SHA1 1cd19f242c19351a62c0135fc1b96bc49d75e215
SHA256 5fdc7f6a6db2ca790c109616cda65a0b14588aa7fe1828ea2d3176b6deae85b8
SHA512 ca30921b5af9db38501a3ea91c7232b13d28b918ce73d7d56b3d9f156317ba0226cca418615275396806c2f1ab94273334eadaff520ced947618a71775b3db09

C:\Program Files (x86)\vvdbkoouwzjixupbovppxveiio.tdc

MD5 f19ea128259dd056c543290bafa6452a
SHA1 863fecca4c3abba735a48978dc81dd722dc7fce5
SHA256 f0408963777902b43275314bca84b4d4ab09092bb48fb7f2700b9f833b804dae
SHA512 502c6ef5bd56b78c70d5b0d3a6383f8988c31a836f016696da0318806e1201ea18190ddfa0156d89b80c0074a667fd3453b1d8bdc610ee57bb81d58fd5591410

C:\Program Files (x86)\vvdbkoouwzjixupbovppxveiio.tdc

MD5 173ccaf2898804074958f19f72cb08db
SHA1 c106485af8b9b412aa3a41a459fca9087df088ce
SHA256 6d0495d65644b4155c604eac1b6f7fb78ac47938b37f0e8c68f691920825ae26
SHA512 d3f3b6adcb02965d1e1ddeb1f6114ce89b33cac30ea003a10619a75a2fc8a0121ea5920fd359bd36f21f362b085e779c6c1f84eadf475eb91b0737753debc4f7

C:\Program Files (x86)\vvdbkoouwzjixupbovppxveiio.tdc

MD5 d9c04b4353db1e00aa5e1d736b6fbabf
SHA1 f88a7f1d53a830a909be8697fd177dc19d2dcdd8
SHA256 e6fedf4120ce3e5244ea45a672e3f5d96febaa88c2a399153bc4bbf569b85ca2
SHA512 b04b0cb02cb2970bd8faa2efdea92fd9054ee5e18c35d4703f626ce58dafad2dfdbf9dcd1f1d22ae399f9342c19ab3c766a07df1c3711ac42099bec9d5d64f0c