Malware Analysis Report

2025-08-10 16:33

Sample ID 250417-2red4swrz6
Target JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66
SHA256 451ba46bdd9d4d17e54a87482a117dfd99da75d4dc6d030cbceffb4885e7f507
Tags
pykspa discovery worm defense_evasion persistence privilege_escalation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

451ba46bdd9d4d17e54a87482a117dfd99da75d4dc6d030cbceffb4885e7f507

Threat Level: Known bad

The file JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66 was found to be: Known bad.

Malicious Activity Summary

pykspa discovery worm defense_evasion persistence privilege_escalation trojan

UAC bypass

Pykspa

Pykspa family

Modifies WinLogon for persistence

Detect Pykspa worm

Disables RegEdit via registry modification

Adds policy Run key to start application

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Checks whether UAC is enabled

Hijack Execution Flow: Executable Installer File Permissions Weakness

Looks up external IP address via web service

Adds Run key to start application

Drops autorun.inf file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

System policy modification

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-17 22:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-17 22:48

Reported

2025-04-17 22:51

Platform

win10v2004-20250314-en

Max time kernel

2s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe"

Signatures

Pykspa

worm pykspa

Pykspa family

pykspa

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe"

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bb7873a096a7ddd06706314a91eb4e66.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\zcnmr.exe

"C:\Users\Admin\AppData\Local\Temp\zcnmr.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_bb7873a096a7ddd06706314a91eb4e66.exe"

C:\Users\Admin\AppData\Local\Temp\zcnmr.exe

"C:\Users\Admin\AppData\Local\Temp\zcnmr.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_bb7873a096a7ddd06706314a91eb4e66.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe .

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe .

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe .

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dspariyxfagtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe .

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe .

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe .

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bb7873a096a7ddd06706314a91eb4e66.exe"

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Windows\mcamewnnwsznjlmyyc.exe

mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Windows\dspariyxfagtoppaz.exe

dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe

C:\Windows\wkgqgwljqkpbvvue.exe

wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe

C:\Windows\zstidysvhgqhglpehongh.exe

zstidysvhgqhglpehongh.exe .

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe

C:\Windows\kccqkexzkirhfjmacigy.exe

kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Windows\xonatmefpmujgjlyzeb.exe

xonatmefpmujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."

Network

Country Destination Domain Proto
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.youtube.com udp
NL 142.251.31.93:80 www.youtube.com tcp
LT 78.59.14.109:36528 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 fwlouz.info udp
US 8.8.8.8:53 melmtya.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 mrnioqatteki.info udp
US 8.8.8.8:53 shzszg.info udp
US 8.8.8.8:53 hkhydgd.org udp
US 8.8.8.8:53 jcakxgkrpc.info udp
US 8.8.8.8:53 zgbwzzfzd.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 znoxafxv.info udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 rszuzf.info udp
US 8.8.8.8:53 fhckodmcgipu.net udp
US 8.8.8.8:53 vbaqxadm.info udp
US 8.8.8.8:53 ecaasowmqcgq.com udp
US 8.8.8.8:53 arbupypqjqt.info udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 giaiyiskou.org udp
US 8.8.8.8:53 atvezr.net udp
US 8.8.8.8:53 usjbdw.net udp
US 8.8.8.8:53 zyritwb.net udp
US 8.8.8.8:53 lnlyfro.net udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 yguwihbs.net udp
US 8.8.8.8:53 snciwx.info udp
US 8.8.8.8:53 pekjtwz.info udp
US 8.8.8.8:53 frkujlxv.net udp
US 8.8.8.8:53 qtlffe.info udp
US 8.8.8.8:53 omwwae.com udp
US 8.8.8.8:53 vkfxrajsf.net udp
US 8.8.8.8:53 ljnhicus.info udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 umuhhynxe.info udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 lpgnnftjlf.info udp
US 8.8.8.8:53 awhazevhpif.net udp
US 8.8.8.8:53 vywmfsg.info udp
US 8.8.8.8:53 lalckpw.org udp
BG 93.155.153.12:13119 tcp
US 8.8.8.8:53 mkeqjhreyr.net udp
US 8.8.8.8:53 ehirgkfvbgfz.info udp
US 8.8.8.8:53 lyqgmjhmeabz.net udp
US 8.8.8.8:53 gwdzpf.net udp
US 8.8.8.8:53 yocsuosc.org udp
US 8.8.8.8:53 tnrpfshuhz.info udp
US 8.8.8.8:53 gqpslhwtymm.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 nqxzsepihy.info udp
US 8.8.8.8:53 jblibyiq.info udp
US 8.8.8.8:53 bafvbseu.net udp
US 8.8.8.8:53 kieqeygwckwo.org udp
US 8.8.8.8:53 akymec.org udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 ywhmjli.info udp
US 8.8.8.8:53 dlbrfthyamhk.info udp
US 8.8.8.8:53 egieagmeog.com udp
US 8.8.8.8:53 wdvgxmmei.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 xezhmxnr.net udp
US 8.8.8.8:53 ogisquush.net udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 cfhthzfvpgof.info udp
US 8.8.8.8:53 ipdffnqomza.info udp
US 8.8.8.8:53 rvkkxmbeu.info udp
US 8.8.8.8:53 uroidgr.net udp
US 8.8.8.8:53 fvpbycbl.net udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 tcgpdshnlzn.info udp
US 8.8.8.8:53 cfhwqvbpcqlp.info udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 swoswi.com udp
US 8.8.8.8:53 mgmqaeaamqwq.com udp
US 8.8.8.8:53 lesqwaxsp.org udp
US 8.8.8.8:53 koyaoo.org udp
US 8.8.8.8:53 cddevqxvxax.info udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 kieobyn.info udp
US 8.8.8.8:53 vgqentkoi.info udp
US 8.8.8.8:53 gentzog.net udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 byvubybpbyp.org udp
US 8.8.8.8:53 wyhezmsczn.net udp
US 8.8.8.8:53 zqtlym.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 khpgykidabpz.net udp
US 8.8.8.8:53 qoqgssiamw.org udp
US 8.8.8.8:53 qjeothjvpi.info udp
US 8.8.8.8:53 dsfafoo.org udp
US 8.8.8.8:53 tkogwcozrm.net udp
US 8.8.8.8:53 wsbczbeargj.info udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 uyllfludxmds.net udp
US 8.8.8.8:53 durctxjm.net udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 yotgdtu.info udp
US 8.8.8.8:53 krvmalvz.info udp
US 8.8.8.8:53 iwwewy.com udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 ssicoqiu.org udp
US 8.8.8.8:53 sldlraxv.info udp
US 8.8.8.8:53 bmxgjgdvvnc.org udp
US 8.8.8.8:53 fbtvyn.net udp
US 8.8.8.8:53 pakkxflvef.info udp
US 8.8.8.8:53 iyhkujo.info udp
US 8.8.8.8:53 spyxrh.info udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 mrqibpdy.info udp
US 8.8.8.8:53 iiikcseeky.com udp
US 8.8.8.8:53 yyrsqfjuzpfi.info udp
US 8.8.8.8:53 awsknaors.net udp
US 8.8.8.8:53 okqcuuagcksy.com udp
US 8.8.8.8:53 nmmlzrnclv.info udp
US 8.8.8.8:53 badgacsmetlw.net udp
US 8.8.8.8:53 qgmsicgi.com udp
US 8.8.8.8:53 lbdimib.org udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 mgakyw.org udp
US 8.8.8.8:53 btkcujkm.net udp
US 8.8.8.8:53 dzvdqilw.info udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 xalrnllotolw.info udp
MD 92.115.169.145:37193 tcp
US 8.8.8.8:53 cyrssehn.info udp
US 8.8.8.8:53 xwwuidtujxn.net udp
US 8.8.8.8:53 ssjedoeeqlr.net udp
US 8.8.8.8:53 lubnpqo.net udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 scipdil.net udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 aufjfmjyr.info udp
US 8.8.8.8:53 lankjshbtwv.org udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 wwqwxgk.info udp
US 8.8.8.8:53 bvdsbsx.com udp
US 8.8.8.8:53 fqtifgu.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 nehxbefuj.com udp
US 8.8.8.8:53 ocequjj.net udp
US 8.8.8.8:53 pnkpttfqgo.info udp
US 8.8.8.8:53 zdznrvcbgb.info udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 eoqguy.com udp
US 8.8.8.8:53 vrklwox.com udp
US 8.8.8.8:53 yekuko.org udp
US 8.8.8.8:53 ndvcrfytflrt.info udp
US 8.8.8.8:53 goicmseemg.org udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 qsgumusi.org udp
US 8.8.8.8:53 umhixebfgiu.net udp
US 8.8.8.8:53 rzuvgm.info udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 rvpqxljrne.info udp
US 8.8.8.8:53 wmhwufbslm.net udp
US 8.8.8.8:53 iwcklehnycce.info udp
US 8.8.8.8:53 giuukyis.org udp
US 8.8.8.8:53 bwxyeetax.org udp
US 8.8.8.8:53 rgpohzrtyehd.net udp
US 8.8.8.8:53 vgogwut.com udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 vihltadbyh.info udp
US 8.8.8.8:53 becbto.net udp
US 8.8.8.8:53 lplonhxr.info udp
US 8.8.8.8:53 galpytamekb.net udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 lgpmtczyb.com udp
US 8.8.8.8:53 ieflxorcxlda.info udp
US 8.8.8.8:53 fqryfjhjchf.info udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 wceuyk.com udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 ymgafdp.info udp
US 8.8.8.8:53 lrtyjgvn.info udp
US 8.8.8.8:53 misbovk.info udp
US 8.8.8.8:53 akzefcfstiz.info udp
US 8.8.8.8:53 aodrnf.info udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 annodmpgpgt.info udp
US 8.8.8.8:53 rijloqzcmkn.info udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 tgisahrweact.info udp
US 8.8.8.8:53 wgoeqyoe.com udp
GB 84.32.152.67:27662 tcp
US 8.8.8.8:53 hknomekao.net udp
US 8.8.8.8:53 tbcxdpbtviej.info udp
US 8.8.8.8:53 akfumt.net udp
US 8.8.8.8:53 ohxkbrxz.net udp
US 8.8.8.8:53 ptrwzqh.com udp
US 8.8.8.8:53 pmoccprg.net udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 jjszth.net udp
US 8.8.8.8:53 nvndmion.net udp
US 8.8.8.8:53 zsftuqqhng.net udp
US 8.8.8.8:53 jwzozya.net udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 iggksimq.com udp
US 8.8.8.8:53 xtsmvxqlvf.net udp
US 8.8.8.8:53 bmnzkd.net udp
US 8.8.8.8:53 dqlfzeledtff.info udp
US 8.8.8.8:53 emzmgww.net udp
US 8.8.8.8:53 jvkqzqh.info udp
US 8.8.8.8:53 qzjwewdzbon.net udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 couocicwvov.info udp
US 8.8.8.8:53 bcronoaebok.org udp
US 8.8.8.8:53 guqlbeogd.net udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 pitanw.info udp
US 8.8.8.8:53 rihszrhcliz.net udp
US 8.8.8.8:53 queukt.net udp
US 8.8.8.8:53 gciuqsamws.org udp
US 8.8.8.8:53 mirpybofkcng.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 aieyowqu.com udp
US 8.8.8.8:53 amtfquscgulv.net udp
US 8.8.8.8:53 otjvbwwefeho.net udp
US 8.8.8.8:53 jffyykbido.net udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 hjrdri.net udp
US 8.8.8.8:53 akoyqswiso.com udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 zwewbhrn.net udp
US 8.8.8.8:53 ptyedgj.org udp
US 8.8.8.8:53 ykitxkptqqdg.info udp
US 8.8.8.8:53 nsomhgj.info udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 usqioggm.org udp
US 8.8.8.8:53 mmqywggeoass.org udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 ceolurwbxs.net udp
US 8.8.8.8:53 cozglyhnvil.net udp
US 8.8.8.8:53 nzibocagjwdd.info udp
US 8.8.8.8:53 wwkusskwkaqs.com udp
US 8.8.8.8:53 rzzcbemuzj.net udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 drneoclkpdv.com udp
US 8.8.8.8:53 vmpdfhauxe.info udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 mcgomk.com udp
US 8.8.8.8:53 bfnlfvbwhq.info udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 vsjzjaxlrunq.net udp
US 8.8.8.8:53 ksveeullrsfq.info udp
US 8.8.8.8:53 gczhlszbz.net udp
US 8.8.8.8:53 dncjeqmvgi.info udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 otfpkctjvo.net udp
US 8.8.8.8:53 wykuqawmiiaq.com udp
US 8.8.8.8:53 vkxyvuqz.net udp
US 8.8.8.8:53 gqvuegnsv.net udp
US 8.8.8.8:53 oldzjigbxvwy.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 rwwqgjg.net udp
US 8.8.8.8:53 ggpaakqufks.net udp
US 8.8.8.8:53 zrzaznogvkr.org udp
US 8.8.8.8:53 qwdmnvv.net udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 jxirkuko.info udp
US 8.8.8.8:53 tgfgdpdif.org udp
US 8.8.8.8:53 uumxhcvb.info udp
US 8.8.8.8:53 aiwmqyoeaq.org udp
US 8.8.8.8:53 lccspfkkb.net udp
US 8.8.8.8:53 ekzmladcvdn.info udp
US 8.8.8.8:53 dzrxvhpuxud.org udp
US 8.8.8.8:53 csaydispukoh.net udp
GB 92.239.57.38:26660 tcp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 qqselzcgvsd.info udp
US 8.8.8.8:53 ilxrzxfv.net udp
US 8.8.8.8:53 pfudfoxqxljg.info udp
US 8.8.8.8:53 fyhcouhsdje.com udp
US 8.8.8.8:53 eqgayqycgo.org udp
US 8.8.8.8:53 mqgiwc.com udp
US 8.8.8.8:53 wisasmn.info udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 tsxlda.net udp
US 8.8.8.8:53 yciykeemcc.com udp
US 8.8.8.8:53 aezvje.info udp
US 8.8.8.8:53 puaqbshsmsu.info udp
US 8.8.8.8:53 uqggmoww.org udp
US 8.8.8.8:53 srfnlof.info udp
US 8.8.8.8:53 gsdnluxwzt.info udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 yomyyiwkki.com udp
US 8.8.8.8:53 dslujs.info udp
US 8.8.8.8:53 yzxwucaklwf.info udp
US 8.8.8.8:53 sgjcazh.info udp
US 8.8.8.8:53 zfrceibmb.info udp
US 8.8.8.8:53 tbtoznpjhmxz.info udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 kbbhdhjd.info udp
US 8.8.8.8:53 vwsqskcuszjg.info udp
US 8.8.8.8:53 zkzafmkv.net udp
US 8.8.8.8:53 byvhdu.net udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 gynkzsbmd.info udp
US 8.8.8.8:53 guwceesuqy.org udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 lgadpt.info udp
US 8.8.8.8:53 vadgiflcpos.com udp
US 8.8.8.8:53 lyvwpbhiskz.info udp
US 8.8.8.8:53 eesglwteg.net udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 xkzoaxbib.net udp
US 8.8.8.8:53 ruahvqxcl.net udp
US 8.8.8.8:53 pojjqbzo.info udp
US 8.8.8.8:53 qgomaygc.org udp
US 8.8.8.8:53 iipkjjdjvgb.net udp
US 8.8.8.8:53 oaekwkce.org udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 knfnznfnkl.info udp
US 8.8.8.8:53 xapkdxonfld.org udp
US 8.8.8.8:53 bqdindvszcl.com udp
LT 78.61.156.19:24870 tcp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 nxvgtjdslq.net udp
US 8.8.8.8:53 xhrszvxh.net udp
US 8.8.8.8:53 ptrykvyaqjqt.info udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 qpttpgigjh.net udp
US 8.8.8.8:53 kafddbmzbuzy.info udp
US 8.8.8.8:53 rwduxta.com udp
US 8.8.8.8:53 wwwfmtzs.net udp
US 8.8.8.8:53 ztxulci.net udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 esnqcwxotkv.net udp
US 8.8.8.8:53 iifsaepfow.info udp
US 8.8.8.8:53 eciiic.com udp
US 8.8.8.8:53 burujihmd.net udp
US 8.8.8.8:53 mvnwmorrhis.net udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 jxrczth.info udp
US 8.8.8.8:53 rdgexeeagi.info udp
BG 130.204.114.238:43084 tcp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 ocpgzseum.info udp
US 8.8.8.8:53 debnfmugeyt.com udp
US 8.8.8.8:53 lzflsbcxfg.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 pgnetnpcfsb.info udp
US 8.8.8.8:53 oksywseq.com udp
US 8.8.8.8:53 wuwubg.info udp
US 8.8.8.8:53 qmwiiamrr.info udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 ffdjwawu.net udp
US 8.8.8.8:53 ahdyzodyeqv.net udp
US 8.8.8.8:53 zlgdxenbxtzm.net udp
US 8.8.8.8:53 pqhafmk.com udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 welguhqyhnzh.info udp
US 8.8.8.8:53 rlvduq.info udp
US 8.8.8.8:53 fwudyrfm.net udp
US 8.8.8.8:53 pnduxwbytf.info udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 iofsluo.info udp
US 8.8.8.8:53 aewwjno.net udp
US 8.8.8.8:53 tmseowr.net udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 pozrfqhqrtpr.info udp
US 8.8.8.8:53 dofimwq.com udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 eccvfi.info udp
US 8.8.8.8:53 iuhiiqj.info udp
US 8.8.8.8:53 uogegscemuce.org udp
US 8.8.8.8:53 mrjglvov.net udp
US 8.8.8.8:53 rrzqrwok.net udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 tmhmyuj.com udp
US 8.8.8.8:53 znwrfey.net udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 njgctdffsq.info udp
US 8.8.8.8:53 kvgpdclfzhpq.net udp
US 8.8.8.8:53 ztdytrxxvn.net udp
US 8.8.8.8:53 vexalitlx.info udp
US 8.8.8.8:53 gkkuoq.org udp
US 8.8.8.8:53 mecscwvz.info udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 setxymr.net udp
US 8.8.8.8:53 liqqfylx.info udp
US 8.8.8.8:53 ryxxlquuljd.com udp
LT 78.61.6.14:39988 tcp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 nkyibzo.org udp
US 8.8.8.8:53 otbpxdpeowh.net udp
US 8.8.8.8:53 seaocw.com udp
US 8.8.8.8:53 osokcmiauc.org udp
US 8.8.8.8:53 fqxkrvo.org udp
US 8.8.8.8:53 dvbqcjrwwfcd.net udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 phluvrn.org udp
US 8.8.8.8:53 xflarnfdul.net udp
US 8.8.8.8:53 syttdyd.info udp
US 8.8.8.8:53 ltngsnxbab.net udp
US 8.8.8.8:53 noindzl.org udp
US 8.8.8.8:53 smtqreeepww.info udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 fydmiec.org udp
US 8.8.8.8:53 uulwzmj.net udp
US 8.8.8.8:53 wzdvhxji.net udp
US 8.8.8.8:53 fibyjggit.net udp
US 8.8.8.8:53 dmkuxlfn.info udp
US 8.8.8.8:53 joftqc.info udp
US 8.8.8.8:53 jxnptwzwnajk.info udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 kgpkbzw.net udp
US 8.8.8.8:53 ittcboxupld.net udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 uyptprxt.info udp
US 8.8.8.8:53 slgiqnnv.net udp
US 8.8.8.8:53 vaiglvvkyiww.info udp
US 8.8.8.8:53 jcyuxwh.info udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 trxoladdd.info udp
US 8.8.8.8:53 vwdseqljtth.net udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 vunmjdlt.net udp
US 8.8.8.8:53 qfegmephx.net udp
US 8.8.8.8:53 mawewikkaego.com udp
US 8.8.8.8:53 oggayy.com udp
US 8.8.8.8:53 igomaqsauamy.com udp
US 8.8.8.8:53 optslvlo.net udp
US 8.8.8.8:53 uoikoagiku.com udp
US 8.8.8.8:53 eqyseaes.org udp
US 8.8.8.8:53 wqgcqaomcy.com udp
US 8.8.8.8:53 nkqefkp.com udp
US 8.8.8.8:53 riiirttt.info udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 myqgceuuqk.org udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 pazpei.net udp
US 8.8.8.8:53 yetkblzey.net udp
US 8.8.8.8:53 hstrgqs.info udp
US 8.8.8.8:53 fkydnhdcw.info udp
US 8.8.8.8:53 teybpyfil.net udp
US 8.8.8.8:53 kxbknpwwosul.info udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 mmdvjshaz.info udp
US 8.8.8.8:53 nynenfa.org udp
US 8.8.8.8:53 ozlitmt.net udp
US 8.8.8.8:53 qlwldqmeww.net udp
US 8.8.8.8:53 jwjsty.net udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 jnsvmuutaxol.info udp
US 8.8.8.8:53 fagpxnfauqo.org udp
RU 46.191.253.73:25244 tcp
US 8.8.8.8:53 zelwzqz.info udp
US 8.8.8.8:53 rrdqoqfgz.net udp
US 8.8.8.8:53 yiqkwokiqy.org udp
US 8.8.8.8:53 cociowyums.org udp
US 8.8.8.8:53 ldywpjnjkf.net udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 jyfcueac.net udp
US 8.8.8.8:53 uznfgsam.info udp
US 8.8.8.8:53 dpnohpmfpf.info udp
US 8.8.8.8:53 ptfsvoaa.net udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 zsmywgvdz.net udp
US 8.8.8.8:53 rrhwihgg.net udp
US 8.8.8.8:53 rqlnnmv.net udp
US 8.8.8.8:53 zoowfil.com udp
US 8.8.8.8:53 abtceupkeiq.net udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 benarp.net udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 fidrorzmcl.info udp
US 8.8.8.8:53 dgqardlcbo.net udp
US 8.8.8.8:53 cfjwneuxwsh.info udp
US 8.8.8.8:53 ugfkkkksuqmy.net udp
US 8.8.8.8:53 rftrgq.info udp
US 8.8.8.8:53 umhonoudh.info udp
US 8.8.8.8:53 esysqy.org udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 jgtmqhvriv.info udp
US 8.8.8.8:53 rvlfxjnuvwlp.info udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 vlvmpwndg.org udp
US 8.8.8.8:53 edowkfce.net udp
US 8.8.8.8:53 usyuuocmd.info udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 ajawzvbcv.net udp
US 8.8.8.8:53 depodej.info udp
US 8.8.8.8:53 lvkoldjobjy.org udp
US 8.8.8.8:53 xursjar.net udp
US 8.8.8.8:53 wgnivuffxwhk.info udp
US 8.8.8.8:53 firlacfl.info udp
US 8.8.8.8:53 c.pki.goog udp
NL 173.194.69.94:80 c.pki.goog tcp
BG 46.47.122.190:36359 tcp
US 8.8.8.8:53 pfhbvh.info udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 xuzzqzqsla.info udp
US 8.8.8.8:53 uwtipwlmx.info udp
US 8.8.8.8:53 oktezkuh.net udp
US 8.8.8.8:53 zidinet.org udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 lmgeww.info udp
US 8.8.8.8:53 hvnqbem.net udp
US 8.8.8.8:53 zrxvxjalmajx.net udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 sobgugfypmlb.info udp
US 8.8.8.8:53 kyasiy.com udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 lhoftufunlfu.info udp
US 8.8.8.8:53 ilapywrkz.net udp
US 8.8.8.8:53 wjpsivcdqjl.net udp
US 8.8.8.8:53 blfbbmnb.info udp
US 8.8.8.8:53 tfzdkcntvm.info udp
US 8.8.8.8:53 xxhmjzjs.net udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 vcmpopgzvpzd.net udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 zuxwxedwiz.net udp
US 8.8.8.8:53 tmrvcj.net udp
US 8.8.8.8:53 gunqgkdcvtj.net udp
US 8.8.8.8:53 aowaiiga.org udp
US 8.8.8.8:53 fqtubgj.net udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 bgemkmngpwr.net udp
US 8.8.8.8:53 qiiasasuksyw.com udp
US 8.8.8.8:53 tkqwxun.com udp
US 8.8.8.8:53 jsgohkzasel.org udp
US 8.8.8.8:53 cczpqcrx.net udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 mtujjmvsrpfa.info udp
US 8.8.8.8:53 immpxad.net udp
US 8.8.8.8:53 tshjxb.net udp
US 8.8.8.8:53 medcnzqfno.net udp
US 8.8.8.8:53 oaykua.org udp
US 8.8.8.8:53 yfnidcr.info udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 guaiewqaic.com udp
US 8.8.8.8:53 pgfaobt.net udp
US 8.8.8.8:53 tngambyjl.com udp
US 8.8.8.8:53 gqumweaqoa.org udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 bnwlbwfvcp.net udp
US 8.8.8.8:53 whzthq.net udp
US 8.8.8.8:53 jdfytdpyq.org udp
US 8.8.8.8:53 dklsgqjqdqbx.net udp
LT 78.61.128.123:45110 tcp
US 8.8.8.8:53 pjzuwaz.info udp
US 8.8.8.8:53 jxahhv.info udp
US 8.8.8.8:53 alzrawhh.net udp
US 8.8.8.8:53 zazmfaswv.com udp
US 8.8.8.8:53 gmfcidtailmh.net udp
US 8.8.8.8:53 pzotphqq.net udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 tajqpe.info udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 bboobexk.net udp
US 8.8.8.8:53 ultklfdowrss.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 hpozvx.info udp
US 8.8.8.8:53 egueqeco.com udp
US 8.8.8.8:53 ykccouqq.com udp
US 8.8.8.8:53 xolxmhlk.net udp
US 8.8.8.8:53 jyhwxqvrj.com udp
US 8.8.8.8:53 audajqxwn.info udp
US 8.8.8.8:53 gafizml.net udp
US 8.8.8.8:53 oigagiemis.com udp
US 8.8.8.8:53 yquaague.com udp
US 8.8.8.8:53 owsgykqmiqyq.com udp
US 8.8.8.8:53 qgvvvu.info udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 fkamle.info udp
US 8.8.8.8:53 pzpihktq.net udp
US 8.8.8.8:53 cygqsguc.com udp
US 8.8.8.8:53 ielwtwggm.net udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 mokwqm.net udp
US 8.8.8.8:53 dapakzwisk.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 qywoaooq.com udp
US 8.8.8.8:53 wmboxjsww.net udp
US 8.8.8.8:53 bsleikf.com udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 jjiomhcb.net udp
US 8.8.8.8:53 komdnvwjqn.info udp
US 8.8.8.8:53 dsccrtldjjf.com udp
US 8.8.8.8:53 oomqwqouecmg.org udp
US 8.8.8.8:53 zrbuqcn.net udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 nfsccsgppeci.info udp
US 8.8.8.8:53 fvtkip.net udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 judunau.net udp
US 8.8.8.8:53 helorazwwgy.info udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 fhoyxnbagftb.info udp
US 8.8.8.8:53 agsjsap.info udp
US 8.8.8.8:53 glbgeolrbevq.net udp
US 8.8.8.8:53 npfczz.info udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 ezdsbychcfg.net udp
US 8.8.8.8:53 meqqwq.com udp
US 8.8.8.8:53 seiuoaj.info udp
US 8.8.8.8:53 fbbvzf.net udp
US 8.8.8.8:53 gogmtfv.net udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 yiosqu.com udp
US 8.8.8.8:53 olfesuhylcp.net udp
US 8.8.8.8:53 whccxxnmdz.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 qkimmsqs.com udp
US 8.8.8.8:53 nynlnerqxef.net udp
US 8.8.8.8:53 dukthdxgfg.net udp
US 8.8.8.8:53 igkqoqic.com udp
US 8.8.8.8:53 tyxyrwrwi.net udp
US 8.8.8.8:53 tixnvb.net udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 wqvsjyqcn.info udp
US 8.8.8.8:53 xgrcgvngnbz.info udp
BG 93.123.1.71:29811 tcp
US 8.8.8.8:53 ywzgrqx.net udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 zspszstud.net udp
US 8.8.8.8:53 jghirkmdrmp.org udp
US 8.8.8.8:53 dcswpcf.net udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 ayiyqwcace.com udp
US 8.8.8.8:53 xztwajucrjiw.info udp
US 8.8.8.8:53 vsegoqnezap.com udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 xxahko.info udp
US 8.8.8.8:53 omxkxzrami.net udp
US 8.8.8.8:53 wrrcoalnkkym.net udp
US 8.8.8.8:53 latmbcagbpk.info udp
US 8.8.8.8:53 kgqoiq.com udp
US 8.8.8.8:53 anjzvod.net udp
US 8.8.8.8:53 uyukuwko.com udp
US 8.8.8.8:53 dompeqf.net udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 vopfdszyyab.info udp
US 8.8.8.8:53 fabonsz.net udp
US 8.8.8.8:53 sogmqqjgyhcr.info udp
US 8.8.8.8:53 pkgmqxnpqn.info udp
US 8.8.8.8:53 dlzyullobs.info udp
US 8.8.8.8:53 xmhczghybyp.net udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 yescie.com udp
US 8.8.8.8:53 iilappnwa.info udp
US 8.8.8.8:53 aazjaeqqkun.net udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 nqpysovwbou.org udp
US 8.8.8.8:53 xnjjrootdn.net udp
US 8.8.8.8:53 kmqccsucqq.com udp
US 8.8.8.8:53 jxnulkw.com udp
US 8.8.8.8:53 iclvcqqy.net udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 ckdwpsdkrta.info udp
US 8.8.8.8:53 bkwjld.info udp
US 8.8.8.8:53 qfbhwtvnae.info udp
BG 95.43.42.86:37703 tcp
US 8.8.8.8:53 ewwmgousuc.org udp
US 8.8.8.8:53 ptxgyjbq.net udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 jhhuolgcsjys.net udp
US 8.8.8.8:53 msfzcjaq.info udp
US 8.8.8.8:53 wcgmwieiis.com udp
US 8.8.8.8:53 acwwmswigqae.com udp
US 8.8.8.8:53 yetmxkxqh.net udp
US 8.8.8.8:53 lmsify.info udp
US 8.8.8.8:53 kwpeowv.net udp
US 8.8.8.8:53 yjvexwl.info udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 ubvgoyepqh.net udp
US 8.8.8.8:53 gmdadabtnlc.net udp
US 8.8.8.8:53 frekpcluugu.info udp
US 8.8.8.8:53 awsaacuoqk.org udp
US 8.8.8.8:53 dsvcxwf.com udp
US 8.8.8.8:53 rczejcwys.net udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 ogqkogcc.org udp
US 8.8.8.8:53 phqpnrfm.net udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 fgxvgof.net udp
US 8.8.8.8:53 gcupdklq.net udp
US 8.8.8.8:53 vabszugwd.com udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 tkfknd.net udp
US 8.8.8.8:53 fozuagjtx.net udp
US 8.8.8.8:53 oxtxfipdgwcd.net udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 syygamceaoqa.com udp
US 8.8.8.8:53 almsoawtsyzf.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 eoqlbv.info udp
US 8.8.8.8:53 baqbqsvecz.net udp
US 8.8.8.8:53 xjtulmeqqwbo.info udp
US 8.8.8.8:53 bfmwqzjvbnam.info udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 smswjvw.net udp
US 8.8.8.8:53 ewhkqaj.net udp
US 8.8.8.8:53 xnufpvzjjilp.info udp
US 8.8.8.8:53 wynahdj.info udp
US 8.8.8.8:53 ksrydraoogck.info udp
US 8.8.8.8:53 vcmwlyrgs.net udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 hfzmnwlt.info udp
US 8.8.8.8:53 mczetsb.info udp
US 8.8.8.8:53 fsnscgbuz.info udp
US 8.8.8.8:53 gydgnilaj.net udp
US 8.8.8.8:53 lmkgjchaw.info udp
US 8.8.8.8:53 adrodghwk.net udp
US 8.8.8.8:53 jddbwmasireg.info udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 dqmufwlyj.info udp
US 8.8.8.8:53 huqybxxw.info udp
US 8.8.8.8:53 nshnimt.com udp
US 8.8.8.8:53 majwriukhey.net udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 pclnivmleanr.net udp
US 8.8.8.8:53 mcqwzprylyw.info udp
BG 178.254.202.250:33366 tcp
US 8.8.8.8:53 zibptcpol.info udp
US 8.8.8.8:53 qunwna.net udp
US 8.8.8.8:53 osscnehf.net udp
US 8.8.8.8:53 skkapax.net udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 gloqvgv.net udp
US 8.8.8.8:53 uheeramihch.net udp
US 8.8.8.8:53 pkqzppsdbq.info udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 ejlwnib.info udp
US 8.8.8.8:53 kurwtjrhz.net udp
US 8.8.8.8:53 kqcaicgeiwcc.org udp
US 8.8.8.8:53 ktpxxrb.net udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 zfsvtfurne.info udp
US 8.8.8.8:53 moxomenufg.net udp
US 8.8.8.8:53 vyfchpmpij.net udp
US 8.8.8.8:53 suywkyik.org udp
US 8.8.8.8:53 gkvgertyped.net udp
US 8.8.8.8:53 satzju.net udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 yeqwouwywkmo.com udp
US 8.8.8.8:53 yrxibl.net udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 itvkjnv.net udp
US 8.8.8.8:53 dybvvsp.info udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 hghkxqlasxav.info udp
US 8.8.8.8:53 vkmwsbaixgs.net udp
US 8.8.8.8:53 rczuidojvlgk.net udp
US 8.8.8.8:53 xunydmfkvhl.com udp
US 8.8.8.8:53 nciyeoco.net udp
US 8.8.8.8:53 trncdrl.org udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 cpreiqobse.net udp
US 8.8.8.8:53 tbjaahxfcc.info udp
US 8.8.8.8:53 mijmzatxleyp.info udp
US 8.8.8.8:53 leislgv.org udp
US 8.8.8.8:53 auzihebch.info udp
US 8.8.8.8:53 jsljco.info udp
US 8.8.8.8:53 fdilxi.info udp
US 8.8.8.8:53 njvkzdps.info udp
UA 46.37.204.21:30056 tcp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 lyjuztfmdtty.net udp
US 8.8.8.8:53 gmhupavwtqu.net udp
US 8.8.8.8:53 womasauiui.com udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 ugkoic.com udp
US 8.8.8.8:53 xudgycfwxwf.org udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 tsryoib.info udp
US 8.8.8.8:53 fyuyxtrfslgy.net udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 msoywmwkcqwq.org udp
US 8.8.8.8:53 vkfahct.com udp
US 8.8.8.8:53 nheynk.info udp
US 8.8.8.8:53 rvttphel.info udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 wdhsjprg.info udp
US 8.8.8.8:53 dcynemlvinhx.net udp
US 8.8.8.8:53 lmronacfmgr.info udp
US 8.8.8.8:53 aqkseiquiq.org udp
US 8.8.8.8:53 vqlooipad.org udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 bepoeogq.net udp
US 8.8.8.8:53 nriupm.net udp
US 8.8.8.8:53 mdtjpgp.info udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 segyoeok.org udp
US 8.8.8.8:53 cseikcgaukiw.org udp
US 8.8.8.8:53 nixslgcqg.info udp
US 8.8.8.8:53 fwwelj.net udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 rsnxkiczuebx.info udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 qcmsmztto.net udp
US 8.8.8.8:53 zijgxyrpvn.info udp
US 8.8.8.8:53 htwifthxbq.net udp
US 8.8.8.8:53 lkbirba.net udp
US 8.8.8.8:53 vxvbct.net udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 waowfcnmxti.info udp
US 8.8.8.8:53 ofbalqv.info udp
US 8.8.8.8:53 iaiakhfbn.info udp
US 8.8.8.8:53 thwnljrnke.info udp
US 8.8.8.8:53 iqfcnvl.net udp
BG 46.10.95.96:14864 tcp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 dekregufdk.net udp
US 8.8.8.8:53 rcoamwf.info udp
US 8.8.8.8:53 jebrhqpenldc.info udp
US 8.8.8.8:53 soaaym.com udp
US 8.8.8.8:53 hwxdacz.org udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 coicwumoaeee.org udp
US 8.8.8.8:53 rrvimikb.info udp
US 8.8.8.8:53 wdmsjudezq.net udp
US 8.8.8.8:53 hbkuxqak.info udp
US 8.8.8.8:53 ydqknzh.net udp
US 8.8.8.8:53 xqrbhijt.info udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 earmhyjihls.net udp
US 8.8.8.8:53 lbnwdymmltbc.info udp
US 8.8.8.8:53 ndojtrzhbmb.net udp
US 8.8.8.8:53 fujtauvg.info udp
US 8.8.8.8:53 nhzkdwifgmsu.net udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 bkxzwir.net udp
US 8.8.8.8:53 xtuitkrup.net udp
US 8.8.8.8:53 irrqijtoz.net udp
US 8.8.8.8:53 wookoecouc.com udp
US 8.8.8.8:53 giillkzmhfq.info udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 kwoikcckguam.org udp
US 8.8.8.8:53 liibuumnyo.net udp
US 8.8.8.8:53 hidwpmc.info udp
US 8.8.8.8:53 weogaayc.com udp
US 8.8.8.8:53 ozkuhgd.info udp
US 8.8.8.8:53 ppbzuvzlnehj.net udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 cbpclmmdp.net udp
US 8.8.8.8:53 dtqunwvojyv.net udp
US 8.8.8.8:53 jyfntip.info udp
US 8.8.8.8:53 bteqlenbm.info udp
US 8.8.8.8:53 xdthqmcqbzd.com udp
US 8.8.8.8:53 cayouy.com udp
US 8.8.8.8:53 iahztym.net udp
US 8.8.8.8:53 hxgxslifyv.info udp
US 8.8.8.8:53 cqtgekplkq.net udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 ewauegicso.com udp
US 8.8.8.8:53 tqbcfvq.net udp
US 8.8.8.8:53 kkeyouckesuo.org udp
US 8.8.8.8:53 iuokqmqqee.com udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 qiuiggsa.com udp
US 8.8.8.8:53 pvrlhgzrud.info udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 jexjcnnwd.com udp
US 8.8.8.8:53 huvgpix.org udp
US 8.8.8.8:53 faanjekngo.info udp
US 8.8.8.8:53 pyvlryuwh.info udp
US 8.8.8.8:53 pnrfhucphn.net udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 cxopqw.info udp
US 8.8.8.8:53 seealaoo.net udp
US 8.8.8.8:53 xmdsbzj.org udp
BG 94.236.159.199:30755 tcp
US 8.8.8.8:53 icaumiseao.org udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 ftnljkl.net udp
US 8.8.8.8:53 bavppixu.net udp
US 8.8.8.8:53 ouoyuaeqsy.org udp
US 8.8.8.8:53 jnuedcaa.info udp
US 8.8.8.8:53 nyohypntnfbb.info udp
US 8.8.8.8:53 nuxmfrvbv.com udp
US 8.8.8.8:53 hsxfpvuu.info udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 aemkrixfm.net udp
US 8.8.8.8:53 gebytlt.info udp
US 8.8.8.8:53 pbpcbfrwrx.info udp
US 8.8.8.8:53 txhgemny.info udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 tobtqsniy.net udp
US 8.8.8.8:53 aaigsa.com udp
US 8.8.8.8:53 kwqmky.org udp
US 8.8.8.8:53 qljededovek.net udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 daanugmbbw.net udp
US 8.8.8.8:53 nchxuckysn.info udp
US 8.8.8.8:53 dtstyn.net udp
US 8.8.8.8:53 acgkiq.com udp
US 8.8.8.8:53 cbvrvu.net udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 hyuank.info udp
US 8.8.8.8:53 ovwxlzxc.net udp
US 8.8.8.8:53 oiwrgbffggbj.net udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 msaeugqyakco.org udp
US 8.8.8.8:53 qbxzxk.info udp
US 8.8.8.8:53 celgffqrvzjo.info udp
US 8.8.8.8:53 syiqhkjsfko.info udp
US 8.8.8.8:53 wrrvjjqlxt.net udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 xtktbomhox.info udp
US 8.8.8.8:53 uwsqceeu.org udp
US 8.8.8.8:53 cysobkfmj.info udp
US 8.8.8.8:53 eyggge.com udp
US 8.8.8.8:53 xoucduojh.net udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 hgqlifuw.net udp
US 8.8.8.8:53 aqaaee.org udp
US 8.8.8.8:53 npfvrlecidoc.net udp
US 8.8.8.8:53 ukhsdoako.info udp
US 8.8.8.8:53 jcrkdat.info udp
US 8.8.8.8:53 xmjmnczctgb.org udp
US 8.8.8.8:53 yvtvfdpteo.net udp
US 8.8.8.8:53 lsvmdsys.net udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 dmihiuv.net udp
US 8.8.8.8:53 dluuvi.net udp
US 8.8.8.8:53 yeawnajjie.net udp
US 8.8.8.8:53 lygszpckg.net udp
US 8.8.8.8:53 xpikbtn.info udp
US 8.8.8.8:53 ydqkvuogbk.info udp
US 8.8.8.8:53 efarzxr.info udp
LT 78.60.193.91:37497 tcp
US 8.8.8.8:53 fixijml.org udp
US 8.8.8.8:53 nexpeysylcvc.info udp
US 8.8.8.8:53 rlicxq.info udp
US 8.8.8.8:53 grypnovbake.net udp
US 8.8.8.8:53 bvrlxiawb.net udp
US 8.8.8.8:53 ueityqhuv.info udp
US 8.8.8.8:53 ckjdtgxwx.info udp
US 8.8.8.8:53 uyqlrsnms.info udp
US 8.8.8.8:53 uupugslvv.info udp
US 8.8.8.8:53 sxsydftugfl.net udp
US 8.8.8.8:53 ntndewudzrrr.info udp
US 8.8.8.8:53 hfsrzaxbzo.net udp
US 8.8.8.8:53 jztwbdywxzfe.net udp
US 8.8.8.8:53 wttfgd.info udp
US 8.8.8.8:53 jstqbweijw.net udp
US 8.8.8.8:53 msoiygcw.org udp
US 8.8.8.8:53 gsmaescuau.org udp
US 8.8.8.8:53 dqqtzkc.com udp
US 8.8.8.8:53 cmyimaeq.org udp
US 8.8.8.8:53 jntxuexoq.net udp
US 8.8.8.8:53 pksofel.org udp
US 8.8.8.8:53 bnpajzm.org udp
US 8.8.8.8:53 txmasvkvutxh.info udp
US 8.8.8.8:53 agiygo.com udp
US 8.8.8.8:53 awtrjqbmv.net udp
US 8.8.8.8:53 ftxnwausya.net udp
US 8.8.8.8:53 ajsniupbvk.info udp
US 8.8.8.8:53 tqlnlofg.net udp
US 8.8.8.8:53 rufpuo.info udp
US 8.8.8.8:53 ejpdqikairvo.info udp
US 8.8.8.8:53 zygrnzv.info udp
US 8.8.8.8:53 xqfmlzbgrod.com udp
US 8.8.8.8:53 hkcullcgp.info udp
US 8.8.8.8:53 equuiqcccm.com udp
US 8.8.8.8:53 rwfwkrntdwbv.info udp
US 8.8.8.8:53 ssgqsckw.com udp
US 8.8.8.8:53 mewxyqsr.net udp
US 8.8.8.8:53 gyfmptq.net udp
US 8.8.8.8:53 bchyjigxk.com udp
US 8.8.8.8:53 qkqeeseoaa.org udp
US 8.8.8.8:53 cxritgbkwiqj.net udp
US 8.8.8.8:53 iixpwpzsf.info udp
US 8.8.8.8:53 saussuvlb.info udp
US 8.8.8.8:53 qagowawgkc.com udp
US 8.8.8.8:53 tkxmminfz.info udp
US 8.8.8.8:53 lglnychgr.net udp
US 8.8.8.8:53 bedecqpii.net udp
US 8.8.8.8:53 xflrdxdu.net udp
US 8.8.8.8:53 aetyon.net udp
US 8.8.8.8:53 osdinhpwmyj.net udp
US 8.8.8.8:53 trlqlwf.com udp
US 8.8.8.8:53 pbafdqh.net udp
US 8.8.8.8:53 kkynfvpezu.info udp
US 8.8.8.8:53 yabgjuiyvpj.net udp
US 8.8.8.8:53 bdjfurnnx.org udp
US 8.8.8.8:53 rqzhac.info udp
US 8.8.8.8:53 ayaygmbq.net udp
US 8.8.8.8:53 ecjjlwours.info udp
US 8.8.8.8:53 weecgysm.org udp
US 8.8.8.8:53 yqtafgfohsp.net udp
US 8.8.8.8:53 tzxvodwwie.net udp
US 8.8.8.8:53 wmykawscmi.com udp
US 8.8.8.8:53 sqcowwkqii.com udp
US 8.8.8.8:53 kepytiviiab.net udp
US 8.8.8.8:53 zhhejrdmjdd.net udp
US 8.8.8.8:53 ypruyv.info udp
US 8.8.8.8:53 fsqamdgmg.info udp
US 8.8.8.8:53 xpkyfirnd.info udp
US 8.8.8.8:53 msfmncaznmd.net udp
US 8.8.8.8:53 iwescltqq.net udp
US 8.8.8.8:53 sxdzkp.net udp
US 8.8.8.8:53 pljdvsqmqip.net udp
US 8.8.8.8:53 togcvuzpixrc.net udp
US 8.8.8.8:53 zodavc.net udp
US 8.8.8.8:53 bkmnyoi.info udp
US 8.8.8.8:53 kuvpbd.net udp
US 8.8.8.8:53 cetgjyxxi.net udp
US 8.8.8.8:53 lkngjoezjnq.com udp
US 8.8.8.8:53 surabpt.net udp
US 8.8.8.8:53 gcmiakww.com udp
US 8.8.8.8:53 idlnlhi.net udp
US 8.8.8.8:53 wfxcwb.info udp
LT 78.62.81.7:35448 tcp

Files

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

MD5 9704c5a70b5eaeedd55f68d9fc5400f5
SHA1 6c53b0fd9c10eb1b1f971725a224c43f448cb88e
SHA256 2b2e0b348195a08d23dac6c872bb1ea7e05ab373ea84ba4ef45ede8ea4114ab3
SHA512 a43f1fb9e6ed9234b8d3f282df6b848b252542dc550d39f1c3bbb03a4ec12524d7694327354b02acbf6f5aad7163c0b7e3755876afdb01fa2a0db6ee4f76d361

C:\Windows\SysWOW64\mcamewnnwsznjlmyyc.exe

MD5 bb7873a096a7ddd06706314a91eb4e66
SHA1 45bde370d8c23151d85e7c7e05cd26c05342d7bc
SHA256 451ba46bdd9d4d17e54a87482a117dfd99da75d4dc6d030cbceffb4885e7f507
SHA512 8af08029a8d90586aa634eab2a06b19a112bc6b2c21cc0ec1117ce89965c7209af4c452a3306394606a46f478cf7e1628ddfc732f5d3efae758e090436f68131

C:\Users\Admin\AppData\Local\Temp\zcnmr.exe

MD5 34f2912d5e582f2d0f1e8ae5426f8c39
SHA1 347bbba0200399e4d259317971968c9e69ab8e98
SHA256 3169380906cc09d16a54f1f9514ba0d3602e85b59c556ce96bd018486bd91eb7
SHA512 346277bbffaaaa8ff35b5df24114f0fc793dd1817c6f386d5cbfc3a87cccffe9b419769dcc131843e430f974fdaa994a2f3fcf683f89917e1efc5e542b31bdce

C:\Users\Admin\AppData\Local\bydwvuszpsgbenvovgjgl.dca

MD5 938c9ff310d76b2f850b855a38c2bbaf
SHA1 7c25f5ea3264108902805cc7af20bf315b8e4edd
SHA256 78d4dbbf0221b539576e6a99f012732ac4423da1aada5c4c7e356a5664f4b734
SHA512 e781d70a53a436371f07028014d90f28a89047b914a12a9b1598fde25719301d9d83f3ee5ce504d6bff1c93c486808ca59c64e2ce4f71e74d6e5f246180b0dcf

C:\Users\Admin\AppData\Local\weuyisbtuihnbvoskgucswgqzrsgflzt.qie

MD5 0b464e3ae7d16596824d19084b8d1e6d
SHA1 891cab9065b018b60a4c2c718e9589bfea2ea3bb
SHA256 48c3f6473b5b8ccf7bab5de0658e3284d9d0231c31567db0777210d5b61a7cb7
SHA512 7fa06fa6a427c4d97aea6e1800cbf09b15108130aea016112d74292f2512fe0957cc6954e1f4511bc1e84ea69398fc8f2d417e72c48f9c9cfdabd0990e73fda8

C:\Program Files (x86)\bydwvuszpsgbenvovgjgl.dca

MD5 212e1dd701e569803862598d00f3981b
SHA1 5005c22debd9ca230bb458718a8120b40eeedfa8
SHA256 5a9ff286de8e4801bd727dff41c139a57f0118aaf1846c9a37cb395573e65b84
SHA512 3bc5e04f4a429838e0a0030975ed0834fb0df124b067c811b8395d2432d51c8bd6d50c966d560244baf4a8231b45e00b3d246489c6973f65180abeefe66d7109

C:\Users\Admin\AppData\Local\bydwvuszpsgbenvovgjgl.dca

MD5 cc318deddd75e04664fa35173c90ba6b
SHA1 d42dbd31dbf16475d033fdeb97ca6baf02a8c886
SHA256 602a5465c782a6efc691e836ab2b77f8a2fcdd7f363f46689036d79584afaade
SHA512 b86b71132152fe6db15afa5e565190a34007fb1a2e4191bb3410564a837c863d49b1c4f262438de9c7c74bba25fe34da7ca7ab08852f3d7dfaa38050e81fce51

C:\Program Files (x86)\bydwvuszpsgbenvovgjgl.dca

MD5 b160d0797d1c41c267d770153f94f11f
SHA1 4c263a024f2cee3b51e34f9ad11183b5d7fce643
SHA256 9d4a4650bff1d004f9d1e6b3c2e81c8560aa07852bda278f451ddd7bdf150889
SHA512 c97a3f80bc34443bab68cef27de6d7c54fcaedf189e4f843cbb3f9a23f143e23c9773e87a72722b7a36da64d19a722843cf40387149eaa237a1b98327e5a4be6

C:\Program Files (x86)\bydwvuszpsgbenvovgjgl.dca

MD5 ffa86686375e3acdd625f6c66a7250e6
SHA1 cd810b7ddabb5f7049f8a3191ef068e0e428a107
SHA256 3ac996abb749f71f314f2575e8166a143c80b727b4db941090e3a0360abdd897
SHA512 776622da3ce0719b6de6a4bfbb865b1dc0f6ff5564ecc4a33d91376d2af7708225e929e721db5089f7b9cc292eec1d77784b2c154b01ee47cc0a031e37ab2a6b

C:\Users\Admin\AppData\Local\bydwvuszpsgbenvovgjgl.dca

MD5 5745d2c58fccf84bbe96920f79c4ba63
SHA1 098140f473c350292c7868f06bedb422a6da9231
SHA256 1ba88326504c14e742cbb7225542f64e1780407fe608df18175a413f90e14779
SHA512 cd81e15ce5e7c7039a1194edc1894c521c22a1a49fee9c3500d2ef347e6802f4c4841e743289b379e3780977c096d71441c8da391614273a540f7407521814c3

C:\Users\Admin\AppData\Local\bydwvuszpsgbenvovgjgl.dca

MD5 1484e2eb207372c94ff9a24e0024f7f4
SHA1 06059c7bff7106d0fc131d5b4b94310447c14a41
SHA256 9930a38d419193a4c71f9e1323b6abe691e7f3008268019f5cfa519e0e9873e4
SHA512 cdc41cbfd2456248cac3da84dde88d96f365efb3ec8fac59d3b2968051f57fe9e75cc6701165fca501ae5d64394512040c119c5053b5d36885934ce34bcc9ade

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-17 22:48

Reported

2025-04-17 22:51

Platform

win11-20250410-en

Max time kernel

60s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "wympgbymkdftezhzyzkma.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "hivxnhdqnfgtdxevttde.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "jitthztezpozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "jitthztezpozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "uughwpkwsjjvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uughwpkwsjjvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "uughwpkwsjjvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "jitthztezpozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "uughwpkwsjjvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wympgbymkdftezhzyzkma.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "jitthztezpozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "hivxnhdqnfgtdxevttde.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wympgbymkdftezhzyzkma.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wympgbymkdftezhzyzkma.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jitthztezpozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jitthztezpozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "jitthztezpozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "wympgbymkdftezhzyzkma.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wympgbymkdftezhzyzkma.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "uughwpkwsjjvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "uughwpkwsjjvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "jitthztezpozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\tqzxjzrathentjmz.exe N/A
N/A N/A C:\Windows\ayihuleoixvfmdhvq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\tqzxjzrathentjmz.exe N/A
N/A N/A C:\Windows\hivxnhdqnfgtdxevttde.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
N/A N/A C:\Windows\ayihuleoixvfmdhvq.exe N/A
N/A N/A C:\Windows\jitthztezpozhzetpn.exe N/A
N/A N/A C:\Windows\ayihuleoixvfmdhvq.exe N/A
N/A N/A C:\Windows\tqzxjzrathentjmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\jitthztezpozhzetpn.exe N/A
N/A N/A C:\Windows\wympgbymkdftezhzyzkma.exe N/A
N/A N/A C:\Windows\hivxnhdqnfgtdxevttde.exe N/A
N/A N/A C:\Windows\hivxnhdqnfgtdxevttde.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\uughwpkwsjjvexdtqpy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\uughwpkwsjjvexdtqpy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\wympgbymkdftezhzyzkma.exe N/A
N/A N/A C:\Windows\jitthztezpozhzetpn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\wympgbymkdftezhzyzkma.exe N/A
N/A N/A C:\Windows\uughwpkwsjjvexdtqpy.exe N/A
N/A N/A C:\Windows\jitthztezpozhzetpn.exe N/A
N/A N/A C:\Windows\jitthztezpozhzetpn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\wympgbymkdftezhzyzkma.exe N/A
N/A N/A C:\Windows\ayihuleoixvfmdhvq.exe N/A
N/A N/A C:\Windows\ayihuleoixvfmdhvq.exe N/A
N/A N/A C:\Windows\hivxnhdqnfgtdxevttde.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "wympgbymkdftezhzyzkma.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "wympgbymkdftezhzyzkma.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wigtu = "tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wigtu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tknflvhkxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jitthztezpozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "uughwpkwsjjvexdtqpy.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "uughwpkwsjjvexdtqpy.exe ." C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\aqsjoxikw = "wympgbymkdftezhzyzkma.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "wympgbymkdftezhzyzkma.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "jitthztezpozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wigtu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wigtu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "ayihuleoixvfmdhvq.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "ayihuleoixvfmdhvq.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\aqsjoxikw = "hivxnhdqnfgtdxevttde.exe ." C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "hivxnhdqnfgtdxevttde.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jitthztezpozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wigtu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wigtu = "uughwpkwsjjvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "uughwpkwsjjvexdtqpy.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tknflvhkxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uughwpkwsjjvexdtqpy.exe ." C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "hivxnhdqnfgtdxevttde.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\aqsjoxikw = "tqzxjzrathentjmz.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wigtu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wigtu = "tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\aqsjoxikw = "hivxnhdqnfgtdxevttde.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\aqsjoxikw = "jitthztezpozhzetpn.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wympgbymkdftezhzyzkma.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wigtu = "wympgbymkdftezhzyzkma.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tknflvhkxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wigtu = "jitthztezpozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "uughwpkwsjjvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "ayihuleoixvfmdhvq.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uughwpkwsjjvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tknflvhkxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uughwpkwsjjvexdtqpy.exe ." C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "wympgbymkdftezhzyzkma.exe ." C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wympgbymkdftezhzyzkma.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wigtu = "hivxnhdqnfgtdxevttde.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wigtu = "hivxnhdqnfgtdxevttde.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\aqsjoxikw = "wympgbymkdftezhzyzkma.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe ." C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tknflvhkxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jitthztezpozhzetpn.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "wympgbymkdftezhzyzkma.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "hivxnhdqnfgtdxevttde.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jitthztezpozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tknflvhkxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jitthztezpozhzetpn.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wigtu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uughwpkwsjjvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tknflvhkxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.whatismyip.ca N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
File created F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
File created C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\nqfjbxvkjdgvhdmffhtwlp.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\nqfjbxvkjdgvhdmffhtwlp.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File created C:\Windows\SysWOW64\wigtuzgempbzuzrtcniusfglsqy.nlg C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
File opened for modification C:\Windows\SysWOW64\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\nqfjbxvkjdgvhdmffhtwlp.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\nqfjbxvkjdgvhdmffhtwlp.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wigtuzgempbzuzrtcniusfglsqy.nlg C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
File opened for modification C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\nqfjbxvkjdgvhdmffhtwlp.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
File opened for modification C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\wigtuzgempbzuzrtcniusfglsqy.nlg C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
File created C:\Program Files (x86)\wigtuzgempbzuzrtcniusfglsqy.nlg C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
File opened for modification C:\Program Files (x86)\tqzxjzrathentjmztpvsbzlbtcvjgpvlobvrxu.bnd C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
File created C:\Program Files (x86)\tqzxjzrathentjmztpvsbzlbtcvjgpvlobvrxu.bnd C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
File opened for modification C:\Windows\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
File opened for modification C:\Windows\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\uughwpkwsjjvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\uughwpkwsjjvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
File opened for modification C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\uughwpkwsjjvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\uughwpkwsjjvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\uughwpkwsjjvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
File opened for modification C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
File opened for modification C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\uughwpkwsjjvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jitthztezpozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jitthztezpozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\uughwpkwsjjvexdtqpy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hivxnhdqnfgtdxevttde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\uughwpkwsjjvexdtqpy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hivxnhdqnfgtdxevttde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wympgbymkdftezhzyzkma.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\uughwpkwsjjvexdtqpy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wympgbymkdftezhzyzkma.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ayihuleoixvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\uughwpkwsjjvexdtqpy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jitthztezpozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tqzxjzrathentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\uughwpkwsjjvexdtqpy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wympgbymkdftezhzyzkma.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hivxnhdqnfgtdxevttde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tqzxjzrathentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ayihuleoixvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hivxnhdqnfgtdxevttde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wympgbymkdftezhzyzkma.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hivxnhdqnfgtdxevttde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tqzxjzrathentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ayihuleoixvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tqzxjzrathentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jitthztezpozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\uughwpkwsjjvexdtqpy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jitthztezpozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jitthztezpozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wympgbymkdftezhzyzkma.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tqzxjzrathentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ayihuleoixvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5900 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5900 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5900 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1256 wrote to memory of 4952 N/A C:\Windows\system32\cmd.exe C:\Windows\tqzxjzrathentjmz.exe
PID 1256 wrote to memory of 4952 N/A C:\Windows\system32\cmd.exe C:\Windows\tqzxjzrathentjmz.exe
PID 1256 wrote to memory of 4952 N/A C:\Windows\system32\cmd.exe C:\Windows\tqzxjzrathentjmz.exe
PID 5020 wrote to memory of 5056 N/A C:\Windows\system32\cmd.exe C:\Windows\ayihuleoixvfmdhvq.exe
PID 5020 wrote to memory of 5056 N/A C:\Windows\system32\cmd.exe C:\Windows\ayihuleoixvfmdhvq.exe
PID 5020 wrote to memory of 5056 N/A C:\Windows\system32\cmd.exe C:\Windows\ayihuleoixvfmdhvq.exe
PID 5056 wrote to memory of 5308 N/A C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5056 wrote to memory of 5308 N/A C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5056 wrote to memory of 5308 N/A C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5040 wrote to memory of 5016 N/A C:\Windows\system32\cmd.exe C:\Windows\tqzxjzrathentjmz.exe
PID 5040 wrote to memory of 5016 N/A C:\Windows\system32\cmd.exe C:\Windows\tqzxjzrathentjmz.exe
PID 5040 wrote to memory of 5016 N/A C:\Windows\system32\cmd.exe C:\Windows\tqzxjzrathentjmz.exe
PID 716 wrote to memory of 4680 N/A C:\Windows\system32\cmd.exe C:\Windows\hivxnhdqnfgtdxevttde.exe
PID 716 wrote to memory of 4680 N/A C:\Windows\system32\cmd.exe C:\Windows\hivxnhdqnfgtdxevttde.exe
PID 716 wrote to memory of 4680 N/A C:\Windows\system32\cmd.exe C:\Windows\hivxnhdqnfgtdxevttde.exe
PID 4000 wrote to memory of 4600 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
PID 4000 wrote to memory of 4600 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
PID 4000 wrote to memory of 4600 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
PID 4680 wrote to memory of 4228 N/A C:\Windows\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4680 wrote to memory of 4228 N/A C:\Windows\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4680 wrote to memory of 4228 N/A C:\Windows\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1036 wrote to memory of 5128 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
PID 1036 wrote to memory of 5128 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
PID 1036 wrote to memory of 5128 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
PID 5128 wrote to memory of 5168 N/A C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5128 wrote to memory of 5168 N/A C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5128 wrote to memory of 5168 N/A C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5512 wrote to memory of 5100 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
PID 5512 wrote to memory of 5100 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
PID 5512 wrote to memory of 5100 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
PID 3060 wrote to memory of 4044 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
PID 3060 wrote to memory of 4044 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
PID 3060 wrote to memory of 4044 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
PID 4044 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4044 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4044 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 3632 wrote to memory of 332 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\huthjp.exe
PID 3632 wrote to memory of 332 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\huthjp.exe
PID 3632 wrote to memory of 332 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\huthjp.exe
PID 3632 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\huthjp.exe
PID 3632 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\huthjp.exe
PID 3632 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\huthjp.exe
PID 5876 wrote to memory of 3988 N/A C:\Windows\system32\cmd.exe C:\Windows\jitthztezpozhzetpn.exe
PID 5876 wrote to memory of 3988 N/A C:\Windows\system32\cmd.exe C:\Windows\jitthztezpozhzetpn.exe
PID 5876 wrote to memory of 3988 N/A C:\Windows\system32\cmd.exe C:\Windows\jitthztezpozhzetpn.exe
PID 3628 wrote to memory of 1080 N/A C:\Windows\system32\cmd.exe C:\Windows\ayihuleoixvfmdhvq.exe
PID 3628 wrote to memory of 1080 N/A C:\Windows\system32\cmd.exe C:\Windows\ayihuleoixvfmdhvq.exe
PID 3628 wrote to memory of 1080 N/A C:\Windows\system32\cmd.exe C:\Windows\ayihuleoixvfmdhvq.exe
PID 2236 wrote to memory of 1800 N/A C:\Windows\system32\cmd.exe C:\Windows\ayihuleoixvfmdhvq.exe
PID 2236 wrote to memory of 1800 N/A C:\Windows\system32\cmd.exe C:\Windows\ayihuleoixvfmdhvq.exe
PID 2236 wrote to memory of 1800 N/A C:\Windows\system32\cmd.exe C:\Windows\ayihuleoixvfmdhvq.exe
PID 4992 wrote to memory of 1328 N/A C:\Windows\system32\cmd.exe C:\Windows\tqzxjzrathentjmz.exe
PID 4992 wrote to memory of 1328 N/A C:\Windows\system32\cmd.exe C:\Windows\tqzxjzrathentjmz.exe
PID 4992 wrote to memory of 1328 N/A C:\Windows\system32\cmd.exe C:\Windows\tqzxjzrathentjmz.exe
PID 1328 wrote to memory of 1552 N/A C:\Windows\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1328 wrote to memory of 1552 N/A C:\Windows\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1328 wrote to memory of 1552 N/A C:\Windows\tqzxjzrathentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1800 wrote to memory of 4028 N/A C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1800 wrote to memory of 4028 N/A C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1800 wrote to memory of 4028 N/A C:\Windows\ayihuleoixvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 3412 wrote to memory of 2760 N/A C:\Windows\system32\cmd.exe C:\Windows\jitthztezpozhzetpn.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\huthjp.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe"

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bb7873a096a7ddd06706314a91eb4e66.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Users\Admin\AppData\Local\Temp\huthjp.exe

"C:\Users\Admin\AppData\Local\Temp\huthjp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_bb7873a096a7ddd06706314a91eb4e66.exe"

C:\Users\Admin\AppData\Local\Temp\huthjp.exe

"C:\Users\Admin\AppData\Local\Temp\huthjp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_bb7873a096a7ddd06706314a91eb4e66.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe .

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe .

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe .

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .

C:\Windows\jitthztezpozhzetpn.exe

jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .

C:\Windows\ayihuleoixvfmdhvq.exe

ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\wympgbymkdftezhzyzkma.exe

wympgbymkdftezhzyzkma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe

C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\uughwpkwsjjvexdtqpy.exe

uughwpkwsjjvexdtqpy.exe

C:\Windows\hivxnhdqnfgtdxevttde.exe

hivxnhdqnfgtdxevttde.exe .

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe

C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."

C:\Windows\tqzxjzrathentjmz.exe

tqzxjzrathentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
FR 52.222.159.143:80 www.imdb.com tcp
RU 109.184.117.43:22447 tcp
DE 85.214.228.140:80 gyuuym.org tcp
SG 18.142.91.111:80 unxfuild.info tcp
US 104.156.155.94:80 cydlrge.info tcp
LT 78.60.92.16:19240 tcp
US 8.8.8.8:53 hwxqimckn.info udp
US 8.8.8.8:53 zxxnbwf.org udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 zsnttap.info udp
MD 93.116.123.213:14781 tcp
US 8.8.8.8:53 mikkmycyqaiu.com udp
US 8.8.8.8:53 uiqakyukogic.com udp
LT 78.57.144.167:13000 tcp
US 8.8.8.8:53 lcyohmj.org udp
US 8.8.8.8:53 iptiub.info udp
US 8.8.8.8:53 bjhitbaa.info udp
MD 92.114.193.204:14798 tcp
US 8.8.8.8:53 labmjrngf.net udp
US 8.8.8.8:53 kehrxvcu.info udp
MD 95.65.120.58:37856 tcp
US 8.8.8.8:53 grxrpnva.info udp
US 8.8.8.8:53 barsitbvs.info udp
US 8.8.8.8:53 cqauuouycyyw.com udp
MD 86.106.240.78:23914 tcp
US 8.8.8.8:53 eabetgh.net udp
US 8.8.8.8:53 suokioug.org udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 dtekaeokif.info udp
BG 88.80.105.159:37887 tcp
US 8.8.8.8:53 urjbzmd.net udp
US 8.8.8.8:53 iwuussokwqek.org udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 dxrttzgl.net udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 asmbjrxynfrj.net udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 dwnnlstiod.net udp
BG 46.10.95.96:14864 tcp
US 8.8.8.8:53 kjzsyiahgip.net udp
US 8.8.8.8:53 ekeogaid.info udp
US 8.8.8.8:53 wkbcyhjl.info udp
BG 62.176.104.158:25356 tcp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 kutjbotdz.info udp
US 8.8.8.8:53 cmgusqiciaau.org udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 eegeaqom.org udp
US 8.8.8.8:53 gzvhzbbjrh.net udp
MD 92.115.152.251:18893 tcp
US 8.8.8.8:53 wnshzwuykgpn.net udp
US 8.8.8.8:53 sogsiswe.org udp
LT 87.247.101.231:28704 tcp
US 8.8.8.8:53 zcryzuvmz.org udp
US 8.8.8.8:53 bgpkrzxpid.net udp
US 8.8.8.8:53 rhszwdmgfi.net udp
BG 77.76.184.2:30947 tcp
US 8.8.8.8:53 cedczqhe.net udp
US 8.8.8.8:53 adhbxhqebajw.info udp
LT 212.117.9.69:34498 tcp
US 8.8.8.8:53 dkdczgl.info udp

Files

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

MD5 ed03843d368f0412deba722b41e7fe49
SHA1 249ca2dd1490cac8e488e80cbb576a4268dd46f6
SHA256 63ba6674c4620464eada56a6a89802de975ea52e90d00905beffc60b874e256b
SHA512 5aca5382eb4c9f536d73a6aede989e89223a2f14224ad220aa17af4ec28cfe21c780254de54a01c439dd261cdee639635e83010e007e2a26224c5de946656632

C:\Windows\SysWOW64\jitthztezpozhzetpn.exe

MD5 bb7873a096a7ddd06706314a91eb4e66
SHA1 45bde370d8c23151d85e7c7e05cd26c05342d7bc
SHA256 451ba46bdd9d4d17e54a87482a117dfd99da75d4dc6d030cbceffb4885e7f507
SHA512 8af08029a8d90586aa634eab2a06b19a112bc6b2c21cc0ec1117ce89965c7209af4c452a3306394606a46f478cf7e1628ddfc732f5d3efae758e090436f68131

C:\Users\Admin\AppData\Local\Temp\huthjp.exe

MD5 ee6a9bf3087971bf55b5dfc7a09cb21b
SHA1 505e435a412e2aaad91520b4d57e7094d1d8dcd8
SHA256 75a14b8857e63fcbcc336701b729065f3f2e90410ec4b23403daf3b841ea355e
SHA512 dea3757210f0d364844f66492c787c3564886b3fe534a6fe72400b77e2c49874701f84bdfd43831521cd42ab6ec9ea89f3be073b251e03010312e40ae1825331

C:\Users\Admin\AppData\Local\wigtuzgempbzuzrtcniusfglsqy.nlg

MD5 5bd4ff55e720ab1e1773ade24cc1d732
SHA1 38b57f26da58c7ec5770d72ec278b9f013e67b4c
SHA256 5c62a1b9f201207fc254cdcca7b66ad7256e8ba5401eaeef959f8eb16cb61955
SHA512 24bbddaae63e68df7f1e7439ea0487ab7dd2aaeeb404af2c51483b3dfea186199088ffffc5c626d68889e60b3a2252aa4187a87e462be7ab3db42c4169807fc2

C:\Users\Admin\AppData\Local\tqzxjzrathentjmztpvsbzlbtcvjgpvlobvrxu.bnd

MD5 74102bf20757178eb42a61ad8afc3f4a
SHA1 ea92207cb4b4f890e2d2d038bf16da1efeb6d5cf
SHA256 24fa2639b9ff2011c989321d310c704dd8e71f53e7798e99145477f4b637c01e
SHA512 82c245ddc85d4e1a2e9602b6de861a874011616ad23426c2493c2dfdb26667716c521849ee2cd4e4e2b4d49195109e9869921d1b4ff34071e89c31b8a912653b

C:\Program Files (x86)\wigtuzgempbzuzrtcniusfglsqy.nlg

MD5 832102acdb4f92efbacb0a3977b64a8f
SHA1 7cc556e34640c432fa8a86f5e228189bbbbe4a8d
SHA256 a58ebe11f08e10fd9a3bed5269124b688adfbb2267e08b51fc166f0083f9c03e
SHA512 8c0174ec883c8c9ea4bd6b621c2e6732d7ac83f409a22a477837a86e9bd8ffa74e6a6f37237655b4e9fe2f1847f402b0301ebc0b5e4e087c199e134579313667

C:\Program Files (x86)\wigtuzgempbzuzrtcniusfglsqy.nlg

MD5 043227db03b967bb68e22cedc0c3d404
SHA1 301bb7bd55d8a3f621a9807f50699f82e27c74bb
SHA256 f9f307060407f67b5be0235b10d307961b68788f1e8a945307eb47f595f7bb64
SHA512 23074cdb8da85a9881df3766264e3b47a0bd178108ec4f4398aa2527a94c59ed3a71f75ab5e1e19d10c3f0baa223da8bc29e6a0c6f4c6865bd1be23a72f5151b

C:\Program Files (x86)\wigtuzgempbzuzrtcniusfglsqy.nlg

MD5 88d2c503d2434437a36bf54240e1dbd6
SHA1 f22d2c77591cac4214a702ca41c9ee506ace6365
SHA256 97d0f8d01b842bbdcbdf47006dd105f6d4940b67d93aa3551cade69198c95af7
SHA512 dea08487bfadd08a1c0fd9294260bf697729fe8d28689b5c3feedf724fd7b60da133c01ef64aaf1a26feec373cc33cc4afb11e1420a53c5760110ba2d5ff0bf5

C:\Program Files (x86)\wigtuzgempbzuzrtcniusfglsqy.nlg

MD5 fa81a8afa7d64e3d95687ef4fece9f98
SHA1 9ae81db42f4e05a7c1f448c44298a68bd16d14eb
SHA256 a2cc2286d1a3841ba48cad48060849fd1d84176154fe1f0e6d64b29c26d50af7
SHA512 173ee233397b1f06e79dc4f9d5bdf3d5333712f75f68925fe7be7f44d0c0fa7276e13c11229770759de0573b2f07b35ceffbfb912995dc0e7a49c7b10656da61

C:\Program Files (x86)\wigtuzgempbzuzrtcniusfglsqy.nlg

MD5 02edf6210a1594c73b4d9a9c686e63e6
SHA1 a9ca54144785f611504546044aa2e65a10bb5af7
SHA256 cc56a714231b5fcbfd5c07c1e193d15e2a62801091a311713c550b5c470cd9c4
SHA512 f389d5db4c82d0cf796eeead92c7bbedb45dbfbf7219b29a70d3b9435f4c88065e9a7456ca1a7db86496e5a0b7cebffc9f7f171a2f2e7200605292e456adcb6c