Malware Analysis Report

2025-08-10 16:34

Sample ID 250418-2t7hnszqy4
Target JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1
SHA256 b8fda1b4500ac5fa17c42f664f5708ce394b039f1a18fc7e526b714df784af6b
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b8fda1b4500ac5fa17c42f664f5708ce394b039f1a18fc7e526b714df784af6b

Threat Level: Known bad

The file JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Pykspa

Pykspa family

Modifies WinLogon for persistence

UAC bypass

Detect Pykspa worm

Disables RegEdit via registry modification

Adds policy Run key to start application

Checks computer location settings

Impair Defenses: Safe Mode Boot

Executes dropped EXE

Checks whether UAC is enabled

Adds Run key to start application

Looks up external IP address via web service

Hijack Execution Flow: Executable Installer File Permissions Weakness

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of WriteProcessMemory

System policy modification

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-18 22:53

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-18 22:53

Reported

2025-04-18 22:56

Platform

win11-20250410-en

Max time kernel

49s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\csldshfxkajqrzuzn.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "lcwpfvunbsckmvrxmf.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\twyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zocrkvkjwiaioovp.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jcytldezpiueitrzqlea.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\twyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngyrodwzqgcoycnltkjc.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "csldshfxkajqrzuzn.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aglrbdj = "zocrkvkjwiaioovp.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "jcytldezpiueitrzqlea.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\twyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\asjbxldfvkfqzcmjqge.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lcwpfvunbsckmvrxmf.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "csldshfxkajqrzuzn.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "csldshfxkajqrzuzn.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "vkcthvsjvksyyfzd.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "csldshfxkajqrzuzn.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "vkcthvsjvksyyfzd.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "wojdullfumxgjtqxnhz.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "lcwpfvunbsckmvrxmf.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "vkcthvsjvksyyfzd.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lcwpfvunbsckmvrxmf.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "vkcthvsjvksyyfzd.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "jcytldezpiueitrzqlea.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\csldshfxkajqrzuzn.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "wojdullfumxgjtqxnhz.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aglrbdj = "ngyrodwzqgcoycnltkjc.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jcytldezpiueitrzqlea.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lcwpfvunbsckmvrxmf.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "jcytldezpiueitrzqlea.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Windows\jcytldezpiueitrzqlea.exe N/A
N/A N/A C:\Windows\csldshfxkajqrzuzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Windows\csldshfxkajqrzuzn.exe N/A
N/A N/A C:\Windows\lcwpfvunbsckmvrxmf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
N/A N/A C:\Windows\vkcthvsjvksyyfzd.exe N/A
N/A N/A C:\Windows\jcytldezpiueitrzqlea.exe N/A
N/A N/A C:\Windows\vkcthvsjvksyyfzd.exe N/A
N/A N/A C:\Windows\jcytldezpiueitrzqlea.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Windows\csldshfxkajqrzuzn.exe N/A
N/A N/A C:\Windows\ysplexzvmgtejvudvrlie.exe N/A
N/A N/A C:\Windows\vkcthvsjvksyyfzd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe N/A
N/A N/A C:\Windows\jcytldezpiueitrzqlea.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Windows\csldshfxkajqrzuzn.exe N/A
N/A N/A C:\Windows\csldshfxkajqrzuzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Windows\wojdullfumxgjtqxnhz.exe N/A
N/A N/A C:\Windows\jcytldezpiueitrzqlea.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Windows\vkcthvsjvksyyfzd.exe N/A
N/A N/A C:\Windows\ysplexzvmgtejvudvrlie.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Windows\csldshfxkajqrzuzn.exe N/A
N/A N/A C:\Windows\ysplexzvmgtejvudvrlie.exe N/A
N/A N/A C:\Windows\jcytldezpiueitrzqlea.exe N/A
N/A N/A C:\Windows\vkcthvsjvksyyfzd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Windows\wojdullfumxgjtqxnhz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
N/A N/A C:\Windows\ysplexzvmgtejvudvrlie.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe ." C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "jcytldezpiueitrzqlea.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe ." C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nswbkl = "ngyrodwzqgcoycnltkjc.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nymzjtmzhswy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\csldshfxkajqrzuzn.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "jcytldezpiueitrzqlea.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "vkcthvsjvksyyfzd.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "csldshfxkajqrzuzn.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "jcytldezpiueitrzqlea.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\csldshfxkajqrzuzn.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jcytldezpiueitrzqlea.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "csldshfxkajqrzuzn.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "jcytldezpiueitrzqlea.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mynbmxrfoafif = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "wojdullfumxgjtqxnhz.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nymzjtmzhswy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe ." C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nymzjtmzhswy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jcytldezpiueitrzqlea.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe ." C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mynbmxrfoafif = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\cgjnv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zocrkvkjwiaioovp.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jcytldezpiueitrzqlea.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "vkcthvsjvksyyfzd.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "wojdullfumxgjtqxnhz.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\cgjnv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pgwnivmncqkucenjpe.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mynbmxrfoafif = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lcwpfvunbsckmvrxmf.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "ysplexzvmgtejvudvrlie.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "wojdullfumxgjtqxnhz.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jcytldezpiueitrzqlea.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nymzjtmzhswy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lcwpfvunbsckmvrxmf.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "jcytldezpiueitrzqlea.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "lcwpfvunbsckmvrxmf.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jcytldezpiueitrzqlea.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\veqbjritzi = "wojdullfumxgjtqxnhz.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nswbkl = "cwpjhxrvnebozeqpyqqkd.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mynbmxrfoafif = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\veqbjritzi = "vkcthvsjvksyyfzd.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "jcytldezpiueitrzqlea.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "csldshfxkajqrzuzn.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "jcytldezpiueitrzqlea.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "lcwpfvunbsckmvrxmf.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "vkcthvsjvksyyfzd.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "wojdullfumxgjtqxnhz.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "jcytldezpiueitrzqlea.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mynbmxrfoafif = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nymzjtmzhswy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\veqbjritzi = "vkcthvsjvksyyfzd.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lcwpfvunbsckmvrxmf.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nymzjtmzhswy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "vkcthvsjvksyyfzd.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "wojdullfumxgjtqxnhz.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "vkcthvsjvksyyfzd.exe" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\cgjnv = "cwpjhxrvnebozeqpyqqkd.exe" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "jcytldezpiueitrzqlea.exe ." C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\pkifztwtlgugmzzjczuspj.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File created C:\Windows\SysWOW64\deillluxvwqiuntjilmqtttc.dey C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\SysWOW64\wojdullfumxgjtqxnhz.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\pkifztwtlgugmzzjczuspj.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\pkifztwtlgugmzzjczuspj.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\mynbmxrfoafifjablzlaozkesbnsvswnoym.nbm C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\wojdullfumxgjtqxnhz.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\wojdullfumxgjtqxnhz.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\pkifztwtlgugmzzjczuspj.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\pkifztwtlgugmzzjczuspj.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\wojdullfumxgjtqxnhz.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\wojdullfumxgjtqxnhz.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\pkifztwtlgugmzzjczuspj.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\pkifztwtlgugmzzjczuspj.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\wojdullfumxgjtqxnhz.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\deillluxvwqiuntjilmqtttc.dey C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Program Files (x86)\mynbmxrfoafifjablzlaozkesbnsvswnoym.nbm C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File created C:\Program Files (x86)\mynbmxrfoafifjablzlaozkesbnsvswnoym.nbm C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Program Files (x86)\deillluxvwqiuntjilmqtttc.dey C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\pkifztwtlgugmzzjczuspj.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\pkifztwtlgugmzzjczuspj.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\wojdullfumxgjtqxnhz.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\wojdullfumxgjtqxnhz.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\pkifztwtlgugmzzjczuspj.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\wojdullfumxgjtqxnhz.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\wojdullfumxgjtqxnhz.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\pkifztwtlgugmzzjczuspj.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\pkifztwtlgugmzzjczuspj.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\pkifztwtlgugmzzjczuspj.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\wojdullfumxgjtqxnhz.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\wojdullfumxgjtqxnhz.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\mynbmxrfoafifjablzlaozkesbnsvswnoym.nbm C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
File opened for modification C:\Windows\ysplexzvmgtejvudvrlie.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
File opened for modification C:\Windows\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jcytldezpiueitrzqlea.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cwpjhxrvnebozeqpyqqkd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jcytldezpiueitrzqlea.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jcytldezpiueitrzqlea.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jcytldezpiueitrzqlea.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\csldshfxkajqrzuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lcwpfvunbsckmvrxmf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jcytldezpiueitrzqlea.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jcytldezpiueitrzqlea.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vkcthvsjvksyyfzd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\csldshfxkajqrzuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ysplexzvmgtejvudvrlie.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jcytldezpiueitrzqlea.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jcytldezpiueitrzqlea.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lcwpfvunbsckmvrxmf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cwpjhxrvnebozeqpyqqkd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lcwpfvunbsckmvrxmf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vkcthvsjvksyyfzd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wojdullfumxgjtqxnhz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lcwpfvunbsckmvrxmf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gwlbvhxxlyrahiqlq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jcytldezpiueitrzqlea.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ngyrodwzqgcoycnltkjc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ysplexzvmgtejvudvrlie.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vkcthvsjvksyyfzd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\csldshfxkajqrzuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wojdullfumxgjtqxnhz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vkcthvsjvksyyfzd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\csldshfxkajqrzuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zocrkvkjwiaioovp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wojdullfumxgjtqxnhz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2736 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 2736 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 2736 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 1296 wrote to memory of 4532 N/A C:\Windows\system32\cmd.exe C:\Windows\jcytldezpiueitrzqlea.exe
PID 1296 wrote to memory of 4532 N/A C:\Windows\system32\cmd.exe C:\Windows\jcytldezpiueitrzqlea.exe
PID 1296 wrote to memory of 4532 N/A C:\Windows\system32\cmd.exe C:\Windows\jcytldezpiueitrzqlea.exe
PID 2356 wrote to memory of 4808 N/A C:\Windows\system32\cmd.exe C:\Windows\csldshfxkajqrzuzn.exe
PID 2356 wrote to memory of 4808 N/A C:\Windows\system32\cmd.exe C:\Windows\csldshfxkajqrzuzn.exe
PID 2356 wrote to memory of 4808 N/A C:\Windows\system32\cmd.exe C:\Windows\csldshfxkajqrzuzn.exe
PID 4808 wrote to memory of 3776 N/A C:\Windows\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 4808 wrote to memory of 3776 N/A C:\Windows\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 4808 wrote to memory of 3776 N/A C:\Windows\csldshfxkajqrzuzn.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 4228 wrote to memory of 4840 N/A C:\Windows\system32\cmd.exe C:\Windows\csldshfxkajqrzuzn.exe
PID 4228 wrote to memory of 4840 N/A C:\Windows\system32\cmd.exe C:\Windows\csldshfxkajqrzuzn.exe
PID 4228 wrote to memory of 4840 N/A C:\Windows\system32\cmd.exe C:\Windows\csldshfxkajqrzuzn.exe
PID 4784 wrote to memory of 540 N/A C:\Windows\system32\cmd.exe C:\Windows\lcwpfvunbsckmvrxmf.exe
PID 4784 wrote to memory of 540 N/A C:\Windows\system32\cmd.exe C:\Windows\lcwpfvunbsckmvrxmf.exe
PID 4784 wrote to memory of 540 N/A C:\Windows\system32\cmd.exe C:\Windows\lcwpfvunbsckmvrxmf.exe
PID 540 wrote to memory of 1232 N/A C:\Windows\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 540 wrote to memory of 1232 N/A C:\Windows\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 540 wrote to memory of 1232 N/A C:\Windows\lcwpfvunbsckmvrxmf.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 3624 wrote to memory of 1052 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
PID 3624 wrote to memory of 1052 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
PID 3624 wrote to memory of 1052 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
PID 1772 wrote to memory of 2256 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
PID 1772 wrote to memory of 2256 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
PID 1772 wrote to memory of 2256 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
PID 2256 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 2256 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 2256 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 3648 wrote to memory of 5824 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
PID 3648 wrote to memory of 5824 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
PID 3648 wrote to memory of 5824 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
PID 5836 wrote to memory of 2068 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
PID 5836 wrote to memory of 2068 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
PID 5836 wrote to memory of 2068 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
PID 2068 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 2068 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 2068 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 1488 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe
PID 1488 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe
PID 1488 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe
PID 1488 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe
PID 1488 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe
PID 1488 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe C:\Users\Admin\AppData\Local\Temp\jowdhl.exe
PID 2640 wrote to memory of 3920 N/A C:\Windows\system32\cmd.exe C:\Windows\vkcthvsjvksyyfzd.exe
PID 2640 wrote to memory of 3920 N/A C:\Windows\system32\cmd.exe C:\Windows\vkcthvsjvksyyfzd.exe
PID 2640 wrote to memory of 3920 N/A C:\Windows\system32\cmd.exe C:\Windows\vkcthvsjvksyyfzd.exe
PID 3268 wrote to memory of 2596 N/A C:\Windows\system32\cmd.exe C:\Windows\jcytldezpiueitrzqlea.exe
PID 3268 wrote to memory of 2596 N/A C:\Windows\system32\cmd.exe C:\Windows\jcytldezpiueitrzqlea.exe
PID 3268 wrote to memory of 2596 N/A C:\Windows\system32\cmd.exe C:\Windows\jcytldezpiueitrzqlea.exe
PID 104 wrote to memory of 1636 N/A C:\Windows\system32\cmd.exe C:\Windows\vkcthvsjvksyyfzd.exe
PID 104 wrote to memory of 1636 N/A C:\Windows\system32\cmd.exe C:\Windows\vkcthvsjvksyyfzd.exe
PID 104 wrote to memory of 1636 N/A C:\Windows\system32\cmd.exe C:\Windows\vkcthvsjvksyyfzd.exe
PID 4392 wrote to memory of 3936 N/A C:\Windows\system32\cmd.exe C:\Windows\jcytldezpiueitrzqlea.exe
PID 4392 wrote to memory of 3936 N/A C:\Windows\system32\cmd.exe C:\Windows\jcytldezpiueitrzqlea.exe
PID 4392 wrote to memory of 3936 N/A C:\Windows\system32\cmd.exe C:\Windows\jcytldezpiueitrzqlea.exe
PID 1636 wrote to memory of 1460 N/A C:\Windows\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 1636 wrote to memory of 1460 N/A C:\Windows\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 1636 wrote to memory of 1460 N/A C:\Windows\vkcthvsjvksyyfzd.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 3936 wrote to memory of 4320 N/A C:\Windows\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 3936 wrote to memory of 4320 N/A C:\Windows\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 3936 wrote to memory of 4320 N/A C:\Windows\jcytldezpiueitrzqlea.exe C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
PID 4340 wrote to memory of 804 N/A C:\Windows\system32\cmd.exe C:\Windows\csldshfxkajqrzuzn.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\jowdhl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe"

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."

C:\Users\Admin\AppData\Local\Temp\jowdhl.exe

"C:\Users\Admin\AppData\Local\Temp\jowdhl.exe" "-C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe"

C:\Users\Admin\AppData\Local\Temp\jowdhl.exe

"C:\Users\Admin\AppData\Local\Temp\jowdhl.exe" "-C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe .

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c asjbxldfvkfqzcmjqge.exe

C:\Windows\asjbxldfvkfqzcmjqge.exe

asjbxldfvkfqzcmjqge.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pgwnivmncqkucenjpe.exe .

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe .

C:\Windows\pgwnivmncqkucenjpe.exe

pgwnivmncqkucenjpe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cwpjhxrvnebozeqpyqqkd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\pgwnivmncqkucenjpe.exe*."

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cwpjhxrvnebozeqpyqqkd.exe .

C:\Windows\cwpjhxrvnebozeqpyqqkd.exe

cwpjhxrvnebozeqpyqqkd.exe

C:\Windows\cwpjhxrvnebozeqpyqqkd.exe

cwpjhxrvnebozeqpyqqkd.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\cwpjhxrvnebozeqpyqqkd.exe*."

C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe

C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe .

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe

C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe .

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\asjbxldfvkfqzcmjqge.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe .

C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe

C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe

C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe

C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\pgwnivmncqkucenjpe.exe*."

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gwlbvhxxlyrahiqlq.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Windows\gwlbvhxxlyrahiqlq.exe

gwlbvhxxlyrahiqlq.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gwlbvhxxlyrahiqlq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\gwlbvhxxlyrahiqlq.exe

gwlbvhxxlyrahiqlq.exe .

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\gwlbvhxxlyrahiqlq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c asjbxldfvkfqzcmjqge.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Windows\asjbxldfvkfqzcmjqge.exe

asjbxldfvkfqzcmjqge.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngyrodwzqgcoycnltkjc.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."

C:\Windows\ngyrodwzqgcoycnltkjc.exe

ngyrodwzqgcoycnltkjc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cwpjhxrvnebozeqpyqqkd.exe .

C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe

C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ngyrodwzqgcoycnltkjc.exe*."

C:\Users\Admin\AppData\Local\Temp\cwpjhxrvnebozeqpyqqkd.exe

C:\Users\Admin\AppData\Local\Temp\cwpjhxrvnebozeqpyqqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\cwpjhxrvnebozeqpyqqkd.exe*."

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe

C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe

C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gwlbvhxxlyrahiqlq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\gwlbvhxxlyrahiqlq.exe

C:\Users\Admin\AppData\Local\Temp\gwlbvhxxlyrahiqlq.exe .

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\gwlbvhxxlyrahiqlq.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe .

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cwpjhxrvnebozeqpyqqkd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."

C:\Windows\cwpjhxrvnebozeqpyqqkd.exe

cwpjhxrvnebozeqpyqqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngyrodwzqgcoycnltkjc.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\ngyrodwzqgcoycnltkjc.exe

ngyrodwzqgcoycnltkjc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ngyrodwzqgcoycnltkjc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c asjbxldfvkfqzcmjqge.exe

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe

C:\Windows\asjbxldfvkfqzcmjqge.exe

asjbxldfvkfqzcmjqge.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zocrkvkjwiaioovp.exe .

C:\Windows\zocrkvkjwiaioovp.exe

zocrkvkjwiaioovp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gwlbvhxxlyrahiqlq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\gwlbvhxxlyrahiqlq.exe

C:\Users\Admin\AppData\Local\Temp\gwlbvhxxlyrahiqlq.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\zocrkvkjwiaioovp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe

C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe .

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\asjbxldfvkfqzcmjqge.exe*."

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe

C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe

C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe .

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\asjbxldfvkfqzcmjqge.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zocrkvkjwiaioovp.exe

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe .

C:\Windows\zocrkvkjwiaioovp.exe

zocrkvkjwiaioovp.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cwpjhxrvnebozeqpyqqkd.exe .

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe

C:\Windows\cwpjhxrvnebozeqpyqqkd.exe

cwpjhxrvnebozeqpyqqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\cwpjhxrvnebozeqpyqqkd.exe*."

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c asjbxldfvkfqzcmjqge.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cwpjhxrvnebozeqpyqqkd.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."

C:\Windows\asjbxldfvkfqzcmjqge.exe

asjbxldfvkfqzcmjqge.exe

C:\Windows\cwpjhxrvnebozeqpyqqkd.exe

cwpjhxrvnebozeqpyqqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe

C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe

C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\cwpjhxrvnebozeqpyqqkd.exe*."

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe

C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ngyrodwzqgcoycnltkjc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe

C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cwpjhxrvnebozeqpyqqkd.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."

C:\Users\Admin\AppData\Local\Temp\cwpjhxrvnebozeqpyqqkd.exe

C:\Users\Admin\AppData\Local\Temp\cwpjhxrvnebozeqpyqqkd.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\cwpjhxrvnebozeqpyqqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe .

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe .

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe

C:\Windows\lcwpfvunbsckmvrxmf.exe

lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe

C:\Windows\ysplexzvmgtejvudvrlie.exe

ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c asjbxldfvkfqzcmjqge.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."

C:\Windows\asjbxldfvkfqzcmjqge.exe

asjbxldfvkfqzcmjqge.exe

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cwpjhxrvnebozeqpyqqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\cwpjhxrvnebozeqpyqqkd.exe

cwpjhxrvnebozeqpyqqkd.exe .

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cwpjhxrvnebozeqpyqqkd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\cwpjhxrvnebozeqpyqqkd.exe*."

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gwlbvhxxlyrahiqlq.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\cwpjhxrvnebozeqpyqqkd.exe

cwpjhxrvnebozeqpyqqkd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."

C:\Windows\gwlbvhxxlyrahiqlq.exe

gwlbvhxxlyrahiqlq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\gwlbvhxxlyrahiqlq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe .

C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe

C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe

C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\pgwnivmncqkucenjpe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe

C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe

C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe .

C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe

C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\zocrkvkjwiaioovp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."

C:\Windows\vkcthvsjvksyyfzd.exe

vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\cgjnv.exe

"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe

C:\Windows\csldshfxkajqrzuzn.exe

csldshfxkajqrzuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe

C:\Windows\jcytldezpiueitrzqlea.exe

jcytldezpiueitrzqlea.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Windows\wojdullfumxgjtqxnhz.exe

wojdullfumxgjtqxnhz.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."

Network

Country Destination Domain Proto
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
GB 2.19.252.87:80 www.adobe.com tcp
NL 172.217.218.91:80 www.youtube.com tcp
DE 91.64.127.195:41122 tcp
DE 85.214.228.140:80 gyuuym.org tcp
SG 18.142.91.111:80 unxfuild.info tcp
US 104.156.155.94:80 cydlrge.info tcp
DE 91.64.127.195:41122 tcp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 vrekoakvug.net udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 suwqlsxke.net udp
US 8.8.8.8:53 uxtqbq.info udp
US 8.8.8.8:53 cmeojgn.info udp
US 8.8.8.8:53 dlftplzdgj.info udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 igclnsfi.info udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 reshmy.info udp
US 8.8.8.8:53 eeerjupknqds.net udp
US 8.8.8.8:53 bydpnff.info udp
US 8.8.8.8:53 nylwzom.info udp
US 8.8.8.8:53 ikjgfghovnv.info udp
US 8.8.8.8:53 wfrcgjcwbdfg.net udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 uezqtablkhao.info udp
US 8.8.8.8:53 jtakfphwim.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 odibdkhyjn.net udp
US 8.8.8.8:53 dmxlnsmgxndu.net udp
US 8.8.8.8:53 lurtzagawmf.org udp
US 8.8.8.8:53 xyhvqwbor.info udp
US 8.8.8.8:53 icycog.com udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 iwgoseuy.com udp
US 8.8.8.8:53 fsfnuaj.org udp
US 8.8.8.8:53 gvhkskl.info udp
US 8.8.8.8:53 vmfgpri.net udp
US 8.8.8.8:53 nncqcmxcojwy.net udp
US 8.8.8.8:53 jsvnxple.info udp
US 8.8.8.8:53 awtzwsx.net udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 bepsqkr.net udp
US 8.8.8.8:53 xdpfdsto.net udp
US 8.8.8.8:53 tcncdtfll.org udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 deisdycaiv.net udp
US 8.8.8.8:53 iasiqc.org udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 cutaexfm.net udp
US 8.8.8.8:53 bvfxrg.info udp
US 8.8.8.8:53 hiqumgp.info udp
US 8.8.8.8:53 nefsbc.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 lhgqgdnsqr.net udp
US 8.8.8.8:53 iqascegykgkw.com udp
US 8.8.8.8:53 henrtcogo.org udp
US 8.8.8.8:53 ihmctw.info udp
US 8.8.8.8:53 vryfnhhv.net udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 ozkukayx.info udp
US 8.8.8.8:53 ghbkygdl.info udp
US 8.8.8.8:53 vvczhs.info udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 vhthpmr.info udp
US 8.8.8.8:53 hebozfr.org udp
US 8.8.8.8:53 wjvnorsibr.info udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 juozdcx.net udp
US 8.8.8.8:53 iqbauf.info udp
US 8.8.8.8:53 aljiyzkufgo.net udp
US 8.8.8.8:53 omsmuykswwge.org udp
US 8.8.8.8:53 soayqy.com udp
US 8.8.8.8:53 rsskxn.info udp
US 8.8.8.8:53 simocqcguk.org udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 almnuc.info udp
US 8.8.8.8:53 difizypcp.org udp
US 8.8.8.8:53 rlmxeedgma.net udp
US 8.8.8.8:53 uahejgjgj.net udp
US 8.8.8.8:53 hodapebdgqs.org udp
US 8.8.8.8:53 oksnewnm.info udp
US 8.8.8.8:53 irtxtgmnak.info udp
US 8.8.8.8:53 sgyoqcyu.org udp
US 8.8.8.8:53 oqoqyegi.org udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 aeimmkuwmkky.org udp
US 8.8.8.8:53 glgspbuclsn.net udp
US 8.8.8.8:53 yiogckigsy.com udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 xfmrsznb.info udp
US 8.8.8.8:53 rxxstgzcz.com udp
US 8.8.8.8:53 mkdvhwrmr.net udp
US 8.8.8.8:53 wokwfed.info udp
US 8.8.8.8:53 isxqlkteinqw.info udp
US 8.8.8.8:53 ezomarlwoa.net udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 kheoqzd.info udp
US 8.8.8.8:53 ruixqqozfc.info udp
US 8.8.8.8:53 lnngbvbdk.org udp
US 8.8.8.8:53 fzjqxwtolqn.info udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 kjssrc.info udp
US 8.8.8.8:53 fiupqcvkudfs.info udp
US 8.8.8.8:53 lmlyqcr.com udp
US 8.8.8.8:53 ldtxbtnpoqti.info udp
US 8.8.8.8:53 pvsunmhbcggs.info udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 rprorwnvpu.info udp
US 8.8.8.8:53 qgcqdzzwcxn.info udp
US 8.8.8.8:53 jgrkbduaj.info udp
US 8.8.8.8:53 wumssoeo.com udp
US 8.8.8.8:53 etzyvajhvol.info udp
US 8.8.8.8:53 rklmhsjkgyl.org udp
US 8.8.8.8:53 bkagjso.net udp
US 8.8.8.8:53 qynadag.net udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 nahidhyot.org udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 ruxytdjrnal.info udp
US 8.8.8.8:53 gmcuthp.info udp
US 8.8.8.8:53 bxhvjbwn.net udp
US 8.8.8.8:53 ejiqqdj.info udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 ttdlzwcgoh.info udp
US 8.8.8.8:53 lohizdsczgp.net udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 tdtfkghr.info udp
US 8.8.8.8:53 wmwsga.com udp
US 8.8.8.8:53 vgvowzrx.info udp
US 8.8.8.8:53 fwzcxotpvnwx.info udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 xgrpvsoaxwy.net udp
US 8.8.8.8:53 mlzxtx.info udp
US 8.8.8.8:53 vnqrls.net udp
US 8.8.8.8:53 aegcepzghxwn.info udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 kyhslb.info udp
US 8.8.8.8:53 iiyanwjkc.info udp
US 8.8.8.8:53 zeguzqewlkg.net udp
US 8.8.8.8:53 iynkwmfed.net udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 ggasoawukeqe.org udp
US 8.8.8.8:53 lgjozi.net udp
US 8.8.8.8:53 kqnsrmhwj.net udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 kkqekgwiwq.com udp
US 8.8.8.8:53 aguxblfmqiia.net udp
US 8.8.8.8:53 ruhgwgdevnr.com udp
US 8.8.8.8:53 rwselgprr.net udp
US 8.8.8.8:53 tchthj.net udp
US 8.8.8.8:53 lojmhed.info udp
US 8.8.8.8:53 maeunkze.info udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 barhbtxt.info udp
US 8.8.8.8:53 tupmnkd.info udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 xsemndjuo.net udp
US 8.8.8.8:53 bfunsipspoo.net udp
US 8.8.8.8:53 wqxopepldat.info udp
US 8.8.8.8:53 tcyormp.info udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 xogohuh.com udp
US 8.8.8.8:53 bwgybqtqg.org udp
US 8.8.8.8:53 zmmszhv.net udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 qejkjwf.info udp
US 8.8.8.8:53 wybccsm.info udp
US 8.8.8.8:53 awsssy.org udp
US 8.8.8.8:53 lrjzdy.info udp
US 8.8.8.8:53 eoxypzs.info udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 yuvgymzszwj.net udp
US 8.8.8.8:53 hmpysghyr.com udp
US 8.8.8.8:53 bylbrlymcwwl.info udp
US 8.8.8.8:53 nwsrvpih.info udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 ovugyufowrj.net udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 jkiwkm.info udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 hnzmyy.net udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 herikbn.net udp
US 8.8.8.8:53 ilmivzzq.net udp
US 8.8.8.8:53 lqchmehqvkb.com udp
US 8.8.8.8:53 fmluyir.net udp
US 8.8.8.8:53 yamugekyie.org udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 apfsjokixj.info udp
US 8.8.8.8:53 gcmgridxp.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 hmlyyer.net udp
US 8.8.8.8:53 pzingfbv.info udp
US 8.8.8.8:53 sqkkcsuccm.com udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 fjzrauhwwdj.org udp
US 8.8.8.8:53 zpzobjrmzin.net udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 qeoggcyamgmq.com udp
US 8.8.8.8:53 ywigcsucyw.org udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 yplqxrwl.net udp
US 8.8.8.8:53 aeljen.net udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 yvizbpae.info udp
US 8.8.8.8:53 xqipnotpzemx.net udp
US 8.8.8.8:53 uyrkpagkh.info udp
US 8.8.8.8:53 bjxfqqrau.info udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 ptdqtai.info udp
US 8.8.8.8:53 pbhtngkq.net udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 nmhryadkp.info udp
US 8.8.8.8:53 ubzqjhdqpu.info udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 bjdrxojeqslw.info udp
US 8.8.8.8:53 qslcbxviv.info udp
US 8.8.8.8:53 liikgyfgc.org udp
US 8.8.8.8:53 ldhjtozrrc.net udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 jqfijitjd.com udp
US 8.8.8.8:53 ykewqyyiew.org udp
US 8.8.8.8:53 xtxnenzw.info udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 lpfzzvllz.com udp
US 8.8.8.8:53 aqxwzwinuqt.info udp
US 8.8.8.8:53 gackrmjzg.info udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 hemzisncitgg.info udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 qarsjiqwl.net udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 ocjpvhhunn.info udp
US 8.8.8.8:53 lalcphn.com udp
US 8.8.8.8:53 eagqquoc.com udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 cjzill.info udp
US 8.8.8.8:53 aaftpevwng.net udp
US 8.8.8.8:53 qghsbqvvhmv.info udp
US 8.8.8.8:53 ivkhfs.net udp
US 8.8.8.8:53 sfxrubka.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 lwjesskgt.net udp
US 8.8.8.8:53 wkqsjjphse.info udp
US 8.8.8.8:53 byjllzwmuylz.net udp
US 8.8.8.8:53 ktlmxhq.net udp
US 8.8.8.8:53 rigcvtngix.net udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 qgvtfypv.net udp
US 8.8.8.8:53 daerpcvoaih.org udp
US 8.8.8.8:53 dfampwpuhmf.com udp
US 8.8.8.8:53 iyuaaw.org udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 qskuiymg.com udp
US 8.8.8.8:53 yhkcdbypqbah.info udp
US 8.8.8.8:53 jygbbfpqpsb.net udp
US 8.8.8.8:53 mcjmduskyt.info udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 uxykswd.net udp
US 8.8.8.8:53 jxgjpent.net udp
US 8.8.8.8:53 gtcaxubivkz.info udp
US 8.8.8.8:53 chuqagravlah.info udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 januvgvr.info udp
US 8.8.8.8:53 twbtvfpunmmz.info udp
US 8.8.8.8:53 fsubbbh.org udp
US 8.8.8.8:53 vuleibjrjt.net udp
US 8.8.8.8:53 ybbbpyvkqxj.info udp
US 8.8.8.8:53 poxiiihkn.info udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 effyjb.net udp
US 8.8.8.8:53 ymeiin.net udp
US 8.8.8.8:53 gmjifq.net udp
US 8.8.8.8:53 bghkfqlwj.org udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 nmdycqhit.net udp
US 8.8.8.8:53 dwvgokjkapb.net udp
US 8.8.8.8:53 yaewkoka.com udp
US 8.8.8.8:53 tmezjobct.org udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 ukikwkgq.org udp
US 8.8.8.8:53 uuslwapyjnlg.net udp
US 8.8.8.8:53 reknlizwf.net udp
US 8.8.8.8:53 nqmujubfqqk.net udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 wogmqoacecma.com udp
US 8.8.8.8:53 sqpqjanvp.info udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 iiksnougjqx.info udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 wgmgokauce.com udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 dqvhzeat.info udp
US 8.8.8.8:53 qkuhxhtuzu.net udp
US 8.8.8.8:53 dkdkuoe.net udp
US 8.8.8.8:53 jmlpunoylbbf.net udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 oblyzk.net udp
US 8.8.8.8:53 iusuyqcy.org udp
US 8.8.8.8:53 smkqnya.net udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 kctmdiz.info udp
US 8.8.8.8:53 akxcuqbjfmx.net udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 srjdoz.net udp
US 8.8.8.8:53 bljqveoqfse.org udp
US 8.8.8.8:53 hmnpbwhibjsz.net udp
US 8.8.8.8:53 dcmcnw.info udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 hxtlvxridgk.org udp
US 8.8.8.8:53 pgbekmqv.net udp
US 8.8.8.8:53 qusklqf.net udp
US 8.8.8.8:53 eoikyyoucsgo.org udp
US 8.8.8.8:53 rpbyxvdt.info udp
US 8.8.8.8:53 twlylcfyf.org udp
US 8.8.8.8:53 msyxrnmfinzv.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 jcjawtrm.info udp
US 8.8.8.8:53 zdaxsl.info udp
US 8.8.8.8:53 nyvfjsryoqe.net udp
US 8.8.8.8:53 keallmzdkjef.info udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 frsobv.net udp
US 8.8.8.8:53 jvgdhfsp.net udp
US 8.8.8.8:53 axbypwzvw.net udp
US 8.8.8.8:53 seimkycy.org udp
US 8.8.8.8:53 jqvwewgsdmd.com udp
US 8.8.8.8:53 qeqiiyiweo.com udp
US 8.8.8.8:53 vwxjbql.info udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 evqphxlv.net udp
US 8.8.8.8:53 bhdqdgncxez.info udp
US 8.8.8.8:53 bimvledsy.org udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 jtatuhlo.info udp
US 8.8.8.8:53 xamdzvre.net udp
US 8.8.8.8:53 mqqgmmoquu.org udp
US 8.8.8.8:53 smwkws.org udp
US 8.8.8.8:53 snhzhakufssh.info udp
US 8.8.8.8:53 akeyuqos.org udp
US 8.8.8.8:53 gwcxvqtytk.info udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 hekzxc.net udp
US 8.8.8.8:53 gwcimptjuotu.info udp
US 8.8.8.8:53 syuyai.com udp
US 8.8.8.8:53 srgeokdaxu.info udp
US 8.8.8.8:53 zlbmsinil.net udp
US 8.8.8.8:53 nktujw.net udp
US 8.8.8.8:53 yxgvkuolulpi.info udp
US 8.8.8.8:53 hwmgxumed.com udp
US 8.8.8.8:53 kmjqhursuadq.info udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 nebcbinyxgp.org udp
US 8.8.8.8:53 gchhjnnkd.net udp
US 8.8.8.8:53 eygaskggka.com udp
US 8.8.8.8:53 remiwex.net udp
US 8.8.8.8:53 diixbgb.com udp
US 8.8.8.8:53 qcokcmocuimq.com udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 rgoshpxos.com udp
US 8.8.8.8:53 jsaifqidjwl.com udp
US 8.8.8.8:53 ooogqmia.org udp
US 8.8.8.8:53 qnxczybaoh.net udp
US 8.8.8.8:53 jkdjdsukt.net udp
US 8.8.8.8:53 ycoswg.org udp
US 8.8.8.8:53 gwexadg.net udp
US 8.8.8.8:53 xgdnrio.com udp
US 8.8.8.8:53 xxvrkspdanir.net udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 tqdulcv.com udp
US 8.8.8.8:53 qceqmomyki.com udp
US 8.8.8.8:53 boakdrqiflm.info udp
US 8.8.8.8:53 ptpqkybdbmr.net udp
US 8.8.8.8:53 ktneeg.info udp
US 8.8.8.8:53 okasgwmsce.org udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 qkrqol.net udp
US 8.8.8.8:53 iyqwpyj.info udp
US 8.8.8.8:53 ndkgdeccv.org udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 nxyvhgr.org udp
US 8.8.8.8:53 dfxkepdt.info udp
US 8.8.8.8:53 xzierbqw.net udp
US 8.8.8.8:53 dyjywwbb.info udp
US 8.8.8.8:53 hfbihufhjue.net udp
US 8.8.8.8:53 fzbynv.info udp
US 8.8.8.8:53 nlbkrbvyw.net udp
US 8.8.8.8:53 muprrr.net udp
US 8.8.8.8:53 aqhrnav.net udp
US 8.8.8.8:53 uwqlmbjc.info udp
US 8.8.8.8:53 kesiiieiyuci.org udp
US 8.8.8.8:53 tawsrdf.net udp
US 8.8.8.8:53 gyzlvr.net udp
US 8.8.8.8:53 penslvp.com udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 vnxfuovrlhlp.info udp
US 8.8.8.8:53 dyvelxi.com udp
US 8.8.8.8:53 pmqkyvcimebd.net udp
US 8.8.8.8:53 vhijtvboq.info udp
US 8.8.8.8:53 lwmjdukp.net udp
US 8.8.8.8:53 mslujmf.net udp

Files

C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe

MD5 26f398c93a993fd88b127cbbe3f5956d
SHA1 1e505dfce27ce2fa6683666f8facc77548e13251
SHA256 3510d4469cc4a796aa05419029062d7e32ceceadd441dd76fd18a55d3d12629a
SHA512 e57a71e504f870719500f39bea7b9700bc97d11122c6cd6270bc05a9902888df15d5232b987cbd862fa6f5cb9cec52958288af83625930383bdbb19e32857f4c

C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe

MD5 c01efe28cc72f758cb5548c1b0f4afe1
SHA1 23a4aae9c403e8a8484e80780ad911459332bcd6
SHA256 b8fda1b4500ac5fa17c42f664f5708ce394b039f1a18fc7e526b714df784af6b
SHA512 b1ce44a9919ea0ee91cb3b6d94522656102d95e8c5589d13736045b1919d908fa17e6bf07921e4e94cdc54f3abdc15be3c8fe82a347f6ea955e6958e045ca316

C:\Users\Admin\AppData\Local\Temp\jowdhl.exe

MD5 c347f6a24fb5c357f2f1bfbf7151082f
SHA1 3cdeecdc5aab8df26fd4bbe8d93eeb5946738c00
SHA256 8fb5ddf04592263a6e31ced33e92d9a605e5c16beea012105fa355d5c40bc115
SHA512 1abe26599d1c8bb6ae447232b29b79fa1d44fb8b77105f2ae28980a1e6ee761818390019c267fd6b75e004879ac598bbb74667379c1edf7876a423334f7138f2

C:\Users\Admin\AppData\Local\mynbmxrfoafifjablzlaozkesbnsvswnoym.nbm

MD5 43f41e685ca623ec0bc660c71b940006
SHA1 2279e83d1dd4e86e28342757a58f668d44f654d0
SHA256 9130df3168b76b94cc17faa9b19b5282b70d20788bb2bc55412c28160bc0e465
SHA512 0cb14bf103846884dd095ebb0daa5c81c976ac706ab874c0e16a581a374e0d667ae9885c8c7166cedb1d5c4f37b0743f43f490cac3b3298fa49e8f9eabb2a056

C:\Users\Admin\AppData\Local\deillluxvwqiuntjilmqtttc.dey

MD5 65a7b3923e05bb5887ac241c47df55c7
SHA1 ab09880c24edf8d6f677aa34a4f74e8b5869d50c
SHA256 98c72c7e8e8125df68a11a451a34c097354d64da07fbc7116bc696106672f4b4
SHA512 2b439435e24df2eb0d106cc88887cbf6a3111b58c62145fb9415e9c16efc3f3526507def0177b7d1413898a669049adff8d6319c947143e48c654b13bbb34b8d

C:\Program Files (x86)\deillluxvwqiuntjilmqtttc.dey

MD5 69b8aa2d47a6fe602b40fcb40d4fb7c1
SHA1 e0876e899882655138e2345d2a6c43521df4e885
SHA256 7679ddf56cc465fe934b59fe6807b34be3da17a4a0105867aec4da89dc178bbf
SHA512 63098d9b3161cb13385185ad21e68c2855925c0996cef397281b3a4dbaf15e0b77026b078842168773b5d49d0289acca310ef9f03a6f350d2b871b8fa3742587

C:\Program Files (x86)\deillluxvwqiuntjilmqtttc.dey

MD5 908c4d042032c615a08d70a87a6e68b4
SHA1 81cc396d2feee664a063a7427ce5df60f5944a8a
SHA256 8183e656d44f50d41e75e5047cc5c71993c6b9d2c7a1bebd7cf4dfa95140305e
SHA512 99d85f7e1ce5e1ddc015417f39b64bc5377de0c75d639b0528dfe263a291cb5931928bdc827854dc6af32cf08051fe7d11d258f8941df0083d350d0ac65148ca

C:\Program Files (x86)\deillluxvwqiuntjilmqtttc.dey

MD5 fc074933f8a1433ba6d96b52ab0bcf7b
SHA1 2f9de2fb647e55bb6f99846e8d2372c9d65cd4f9
SHA256 85a229479a885cd22c8cc737eebba019f17b4aca7564c5dbfb0ce9ae13573723
SHA512 17aa51846bad33e050c20acc88278d6d24761d8c6fcebe0253913a912dbcdae97ad8f21e419b04e54f1d03ea5b00c6af110c2bc66ee97827853eb2e5f5ce08b6

C:\Program Files (x86)\deillluxvwqiuntjilmqtttc.dey

MD5 51f092c53125da0d7d943a2578cf1dd3
SHA1 98098e9a9ef2b447461fefbe0d757b558291e00a
SHA256 a8a1bb1ef9f7ef68591df5cce609e9d5dd5809eec6c7e197329401294fa2266f
SHA512 4b2e31ebf3df5443949202a9fb01072d5a8fa6f668c92e02eea03de1b1589317dd0cad3e8b5a8f233ab3520badd9be1354891f97ea3d9d2ab2f6e0d2fe3c85a6

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-18 22:53

Reported

2025-04-18 22:56

Platform

win10v2004-20250314-en

Max time kernel

52s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "mcsndwrmbpznjlmyyc.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "wkyrfwpivhpbvvue.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "wkyrfwpivhpbvvue.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "dshbqicwkxgtoppaz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "dshbqicwkxgtoppaz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "zsljcywumdqhglpehongz.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "mcsndwrmbpznjlmyyc.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zsljcywumdqhglpehongz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "dshbqicwkxgtoppaz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "mcsndwrmbpznjlmyyc.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "mcsndwrmbpznjlmyyc.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zsljcywumdqhglpehongz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "zsljcywumdqhglpehongz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "mcsndwrmbpznjlmyyc.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "wkyrfwpivhpbvvue.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "zsljcywumdqhglpehongz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "zsljcywumdqhglpehongz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zsljcywumdqhglpehongz.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "kcurjebypfrhfjmacigy.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "mcsndwrmbpznjlmyyc.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\mcsndwrmbpznjlmyyc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\zsljcywumdqhglpehongz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\mcsndwrmbpznjlmyyc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\xofbsmieujujgjlyzeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\xofbsmieujujgjlyzeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\xofbsmieujujgjlyzeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\xofbsmieujujgjlyzeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\zsljcywumdqhglpehongz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\wkyrfwpivhpbvvue.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\kcurjebypfrhfjmacigy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\mcsndwrmbpznjlmyyc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\kcurjebypfrhfjmacigy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\kcurjebypfrhfjmacigy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\wkyrfwpivhpbvvue.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\xofbsmieujujgjlyzeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\wkyrfwpivhpbvvue.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\kcurjebypfrhfjmacigy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\dshbqicwkxgtoppaz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\zsljcywumdqhglpehongz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\wkyrfwpivhpbvvue.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\zsljcywumdqhglpehongz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\kcurjebypfrhfjmacigy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\dshbqicwkxgtoppaz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\kcurjebypfrhfjmacigy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\dshbqicwkxgtoppaz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\zsljcywumdqhglpehongz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\wkyrfwpivhpbvvue.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\wkyrfwpivhpbvvue.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\xofbsmieujujgjlyzeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\zsljcywumdqhglpehongz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\kcurjebypfrhfjmacigy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Windows\xofbsmieujujgjlyzeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Windows\kcurjebypfrhfjmacigy.exe N/A
N/A N/A C:\Windows\xofbsmieujujgjlyzeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Windows\kcurjebypfrhfjmacigy.exe N/A
N/A N/A C:\Windows\wkyrfwpivhpbvvue.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
N/A N/A C:\Windows\zsljcywumdqhglpehongz.exe N/A
N/A N/A C:\Windows\wkyrfwpivhpbvvue.exe N/A
N/A N/A C:\Windows\zsljcywumdqhglpehongz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Windows\zsljcywumdqhglpehongz.exe N/A
N/A N/A C:\Windows\xofbsmieujujgjlyzeb.exe N/A
N/A N/A C:\Windows\dshbqicwkxgtoppaz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Windows\zsljcywumdqhglpehongz.exe N/A
N/A N/A C:\Windows\dshbqicwkxgtoppaz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
N/A N/A C:\Windows\kcurjebypfrhfjmacigy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Windows\xofbsmieujujgjlyzeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Windows\kcurjebypfrhfjmacigy.exe N/A
N/A N/A C:\Windows\xofbsmieujujgjlyzeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Windows\kcurjebypfrhfjmacigy.exe N/A
N/A N/A C:\Windows\dshbqicwkxgtoppaz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Windows\mcsndwrmbpznjlmyyc.exe N/A
N/A N/A C:\Windows\xofbsmieujujgjlyzeb.exe N/A
N/A N/A C:\Windows\zsljcywumdqhglpehongz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Windows\xofbsmieujujgjlyzeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe N/A
N/A N/A C:\Windows\mcsndwrmbpznjlmyyc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
N/A N/A C:\Windows\dshbqicwkxgtoppaz.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "wkyrfwpivhpbvvue.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "xofbsmieujujgjlyzeb.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe ." C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "xofbsmieujujgjlyzeb.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "zsljcywumdqhglpehongz.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "wkyrfwpivhpbvvue.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe ." C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nyjzkyoeoxclc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nyjzkyoeoxclc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zsljcywumdqhglpehongz.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "wkyrfwpivhpbvvue.exe ." C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "wkyrfwpivhpbvvue.exe ." C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "kcurjebypfrhfjmacigy.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "zsljcywumdqhglpehongz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "wkyrfwpivhpbvvue.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "wkyrfwpivhpbvvue.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "wkyrfwpivhpbvvue.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zsljcywumdqhglpehongz.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nyjzkyoeoxclc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe ." C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "xofbsmieujujgjlyzeb.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "zsljcywumdqhglpehongz.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "kcurjebypfrhfjmacigy.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "xofbsmieujujgjlyzeb.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "zsljcywumdqhglpehongz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "wkyrfwpivhpbvvue.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nyjzkyoeoxclc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zsljcywumdqhglpehongz.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "mcsndwrmbpznjlmyyc.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "xofbsmieujujgjlyzeb.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "dshbqicwkxgtoppaz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nyjzkyoeoxclc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "kcurjebypfrhfjmacigy.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "xofbsmieujujgjlyzeb.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "kcurjebypfrhfjmacigy.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "wkyrfwpivhpbvvue.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "kcurjebypfrhfjmacigy.exe ." C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "xofbsmieujujgjlyzeb.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "xofbsmieujujgjlyzeb.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zsljcywumdqhglpehongz.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "xofbsmieujujgjlyzeb.exe ." C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
File opened for modification C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\dshbqicwkxgtoppaz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File created C:\Windows\SysWOW64\bazdceimkhaxcnxsbotsrvu.aec C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
File opened for modification C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\dshbqicwkxgtoppaz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
File opened for modification C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\dshbqicwkxgtoppaz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\dshbqicwkxgtoppaz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\dshbqicwkxgtoppaz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\dshbqicwkxgtoppaz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
File opened for modification C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\SysWOW64\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
File created C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
File opened for modification C:\Program Files (x86)\oyixhujyhptbrnioigwgqfpcrgpxbjzvqw.oeo C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
File created C:\Program Files (x86)\oyixhujyhptbrnioigwgqfpcrgpxbjzvqw.oeo C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\dshbqicwkxgtoppaz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\dshbqicwkxgtoppaz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\dshbqicwkxgtoppaz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
File opened for modification C:\Windows\dshbqicwkxgtoppaz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
File opened for modification C:\Windows\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File created C:\Windows\oyixhujyhptbrnioigwgqfpcrgpxbjzvqw.oeo C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
File opened for modification C:\Windows\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
File opened for modification C:\Windows\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
File opened for modification C:\Windows\bazdceimkhaxcnxsbotsrvu.aec C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
File opened for modification C:\Windows\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\dshbqicwkxgtoppaz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
File opened for modification C:\Windows\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\dshbqicwkxgtoppaz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
File opened for modification C:\Windows\mcsndwrmbpznjlmyyc.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\qkedxutsldrjjpukowwqkj.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\dshbqicwkxgtoppaz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
File opened for modification C:\Windows\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kcurjebypfrhfjmacigy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kcurjebypfrhfjmacigy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wkyrfwpivhpbvvue.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zsljcywumdqhglpehongz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mcsndwrmbpznjlmyyc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mcsndwrmbpznjlmyyc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dshbqicwkxgtoppaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xofbsmieujujgjlyzeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wkyrfwpivhpbvvue.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zsljcywumdqhglpehongz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mcsndwrmbpznjlmyyc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xofbsmieujujgjlyzeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kcurjebypfrhfjmacigy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zsljcywumdqhglpehongz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dshbqicwkxgtoppaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kcurjebypfrhfjmacigy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kcurjebypfrhfjmacigy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kcurjebypfrhfjmacigy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xofbsmieujujgjlyzeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zsljcywumdqhglpehongz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mcsndwrmbpznjlmyyc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wkyrfwpivhpbvvue.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zsljcywumdqhglpehongz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mcsndwrmbpznjlmyyc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kcurjebypfrhfjmacigy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xofbsmieujujgjlyzeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dshbqicwkxgtoppaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zsljcywumdqhglpehongz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5356 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 5356 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 5356 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 6092 wrote to memory of 4932 N/A C:\Windows\system32\cmd.exe C:\Windows\kcurjebypfrhfjmacigy.exe
PID 6092 wrote to memory of 4932 N/A C:\Windows\system32\cmd.exe C:\Windows\kcurjebypfrhfjmacigy.exe
PID 6092 wrote to memory of 4932 N/A C:\Windows\system32\cmd.exe C:\Windows\kcurjebypfrhfjmacigy.exe
PID 4496 wrote to memory of 4568 N/A C:\Windows\system32\cmd.exe C:\Windows\xofbsmieujujgjlyzeb.exe
PID 4496 wrote to memory of 4568 N/A C:\Windows\system32\cmd.exe C:\Windows\xofbsmieujujgjlyzeb.exe
PID 4496 wrote to memory of 4568 N/A C:\Windows\system32\cmd.exe C:\Windows\xofbsmieujujgjlyzeb.exe
PID 4568 wrote to memory of 5148 N/A C:\Windows\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 4568 wrote to memory of 5148 N/A C:\Windows\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 4568 wrote to memory of 5148 N/A C:\Windows\xofbsmieujujgjlyzeb.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 4864 wrote to memory of 4720 N/A C:\Windows\system32\cmd.exe C:\Windows\kcurjebypfrhfjmacigy.exe
PID 4864 wrote to memory of 4720 N/A C:\Windows\system32\cmd.exe C:\Windows\kcurjebypfrhfjmacigy.exe
PID 4864 wrote to memory of 4720 N/A C:\Windows\system32\cmd.exe C:\Windows\kcurjebypfrhfjmacigy.exe
PID 2376 wrote to memory of 4896 N/A C:\Windows\system32\cmd.exe C:\Windows\wkyrfwpivhpbvvue.exe
PID 2376 wrote to memory of 4896 N/A C:\Windows\system32\cmd.exe C:\Windows\wkyrfwpivhpbvvue.exe
PID 2376 wrote to memory of 4896 N/A C:\Windows\system32\cmd.exe C:\Windows\wkyrfwpivhpbvvue.exe
PID 1916 wrote to memory of 3684 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
PID 1916 wrote to memory of 3684 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
PID 1916 wrote to memory of 3684 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
PID 2308 wrote to memory of 4732 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
PID 2308 wrote to memory of 4732 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
PID 2308 wrote to memory of 4732 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
PID 4896 wrote to memory of 5952 N/A C:\Windows\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 4896 wrote to memory of 5952 N/A C:\Windows\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 4896 wrote to memory of 5952 N/A C:\Windows\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 4732 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 4732 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 4732 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 2212 wrote to memory of 4632 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
PID 2212 wrote to memory of 4632 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
PID 2212 wrote to memory of 4632 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
PID 2320 wrote to memory of 1052 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 2320 wrote to memory of 1052 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 2320 wrote to memory of 1052 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 1052 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 1052 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 1052 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 3320 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe C:\Users\Admin\AppData\Local\Temp\xchrweo.exe
PID 3320 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe C:\Users\Admin\AppData\Local\Temp\xchrweo.exe
PID 3320 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe C:\Users\Admin\AppData\Local\Temp\xchrweo.exe
PID 3320 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe C:\Users\Admin\AppData\Local\Temp\xchrweo.exe
PID 3320 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe C:\Users\Admin\AppData\Local\Temp\xchrweo.exe
PID 3320 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe C:\Users\Admin\AppData\Local\Temp\xchrweo.exe
PID 3916 wrote to memory of 5976 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
PID 3916 wrote to memory of 5976 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
PID 3916 wrote to memory of 5976 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
PID 744 wrote to memory of 2468 N/A C:\Windows\system32\cmd.exe C:\Windows\wkyrfwpivhpbvvue.exe
PID 744 wrote to memory of 2468 N/A C:\Windows\system32\cmd.exe C:\Windows\wkyrfwpivhpbvvue.exe
PID 744 wrote to memory of 2468 N/A C:\Windows\system32\cmd.exe C:\Windows\wkyrfwpivhpbvvue.exe
PID 5296 wrote to memory of 5312 N/A C:\Windows\system32\cmd.exe C:\Windows\zsljcywumdqhglpehongz.exe
PID 5296 wrote to memory of 5312 N/A C:\Windows\system32\cmd.exe C:\Windows\zsljcywumdqhglpehongz.exe
PID 5296 wrote to memory of 5312 N/A C:\Windows\system32\cmd.exe C:\Windows\zsljcywumdqhglpehongz.exe
PID 2468 wrote to memory of 6084 N/A C:\Windows\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 2468 wrote to memory of 6084 N/A C:\Windows\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 2468 wrote to memory of 6084 N/A C:\Windows\wkyrfwpivhpbvvue.exe C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
PID 1608 wrote to memory of 3336 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 1608 wrote to memory of 3336 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 1608 wrote to memory of 3336 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 3872 wrote to memory of 3848 N/A C:\Windows\system32\cmd.exe C:\Windows\xofbsmieujujgjlyzeb.exe
PID 3872 wrote to memory of 3848 N/A C:\Windows\system32\cmd.exe C:\Windows\xofbsmieujujgjlyzeb.exe
PID 3872 wrote to memory of 3848 N/A C:\Windows\system32\cmd.exe C:\Windows\xofbsmieujujgjlyzeb.exe
PID 1584 wrote to memory of 2496 N/A C:\Windows\system32\cmd.exe C:\Windows\dshbqicwkxgtoppaz.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\xchrweo.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe"

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."

C:\Users\Admin\AppData\Local\Temp\xchrweo.exe

"C:\Users\Admin\AppData\Local\Temp\xchrweo.exe" "-C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe"

C:\Users\Admin\AppData\Local\Temp\xchrweo.exe

"C:\Users\Admin\AppData\Local\Temp\xchrweo.exe" "-C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe .

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe

C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe

C:\Windows\mcsndwrmbpznjlmyyc.exe

mcsndwrmbpznjlmyyc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."

C:\Windows\wkyrfwpivhpbvvue.exe

wkyrfwpivhpbvvue.exe

C:\Windows\zsljcywumdqhglpehongz.exe

zsljcywumdqhglpehongz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe

C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe

C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .

C:\Windows\xofbsmieujujgjlyzeb.exe

xofbsmieujujgjlyzeb.exe

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\kcurjebypfrhfjmacigy.exe

kcurjebypfrhfjmacigy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe

C:\Windows\dshbqicwkxgtoppaz.exe

dshbqicwkxgtoppaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.myspace.com udp
US 34.111.176.156:80 www.myspace.com tcp
DE 91.64.127.195:41122 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 nqgljsisc.info udp
US 8.8.8.8:53 byqoamvcr.com udp
US 8.8.8.8:53 tmypognonyp.info udp
US 8.8.8.8:53 mcfuxyx.info udp
US 8.8.8.8:53 uoyqgwcyqo.com udp
US 8.8.8.8:53 mxxjju.net udp
US 8.8.8.8:53 aikiuw.com udp
US 8.8.8.8:53 jzsirdfsyukt.net udp
US 8.8.8.8:53 thpqvqbzvoof.info udp
US 8.8.8.8:53 lfjvvfbidk.net udp
US 8.8.8.8:53 okobzkpodnk.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
DE 91.64.127.195:41122 tcp
US 8.8.8.8:53 ntbktaxx.net udp
US 8.8.8.8:53 jgxyziq.com udp
US 8.8.8.8:53 rkhlgchutah.info udp
US 8.8.8.8:53 wtfmpq.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 kbipxyan.net udp
US 8.8.8.8:53 osmmwiokgqmg.org udp
US 8.8.8.8:53 cgbhzav.net udp
US 8.8.8.8:53 fsrqnf.net udp
US 8.8.8.8:53 fctuqapprdv.info udp
US 8.8.8.8:53 tsheimv.com udp
US 8.8.8.8:53 bbvmvonsrgo.org udp
US 8.8.8.8:53 wvbniei.net udp
US 8.8.8.8:53 lflomyhsd.com udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 rjvuhdtucy.info udp
US 8.8.8.8:53 ooikmwmsssqk.org udp
US 8.8.8.8:53 jrsfbehtpo.net udp
US 8.8.8.8:53 lxlonupld.com udp
US 8.8.8.8:53 ffpjjj.net udp
US 8.8.8.8:53 aqrtjgn.info udp
US 8.8.8.8:53 dzevrqzfcs.info udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 vvvhsnhfsr.info udp
US 8.8.8.8:53 okggmiaeskuy.org udp
US 8.8.8.8:53 ecgpfllc.info udp
US 8.8.8.8:53 mqgisi.com udp
US 8.8.8.8:53 qsjayliq.info udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 oyxjzglbsbwn.net udp
US 8.8.8.8:53 zwkgfgp.com udp
US 8.8.8.8:53 kkdzxs.net udp
US 8.8.8.8:53 ldmcysd.org udp
US 8.8.8.8:53 egkmqyks.org udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 pubdruogecu.org udp
US 8.8.8.8:53 vrtmckbqs.org udp
US 8.8.8.8:53 azlpqmffevro.net udp
US 8.8.8.8:53 ksstdzbowzwx.info udp
US 8.8.8.8:53 mumagkss.org udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 kdorpu.net udp
US 8.8.8.8:53 icqtysjtl.info udp
US 8.8.8.8:53 lqdejiy.org udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 oxucnmxoz.info udp
US 8.8.8.8:53 ngfcqt.info udp
US 8.8.8.8:53 muykokqe.com udp
US 8.8.8.8:53 avorpipe.info udp
US 8.8.8.8:53 rmlwazouv.info udp
US 8.8.8.8:53 gwyswwoa.com udp
US 8.8.8.8:53 vqrkjozybof.net udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 noezsskximn.info udp
US 8.8.8.8:53 pzaivcbtpz.net udp
US 8.8.8.8:53 wjbndot.net udp
US 8.8.8.8:53 qwqoui.com udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 dbofezpshjhw.net udp
US 8.8.8.8:53 rrdwkinqmzan.info udp
US 8.8.8.8:53 pjskoqpejcta.info udp
US 8.8.8.8:53 masuce.org udp
US 8.8.8.8:53 rvmurktkglat.net udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 zfvpllfhxcqw.info udp
US 8.8.8.8:53 qgopqodhmfyn.info udp
US 8.8.8.8:53 psdnfixkknp.net udp
US 8.8.8.8:53 rvkzxsksrx.net udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 gonsqv.net udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 efewocjyeyt.net udp
US 8.8.8.8:53 eiqarefkbnv.net udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 lcliggieyl.info udp
US 8.8.8.8:53 rodyqazwf.net udp
US 8.8.8.8:53 zhfgzajs.info udp
US 8.8.8.8:53 qqwuicmm.com udp
US 8.8.8.8:53 kwvbzlj.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 xadyaikilaf.info udp
US 8.8.8.8:53 sugnkq.net udp
US 8.8.8.8:53 kcuggkgymw.com udp
US 8.8.8.8:53 tgxqtg.info udp
US 8.8.8.8:53 kqeisacsouco.com udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 eeoqmcuy.org udp
US 8.8.8.8:53 odjdfs.info udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 bwaaxjz.net udp
US 8.8.8.8:53 tlhfmxplxszg.info udp
US 8.8.8.8:53 zuahvvfwncp.info udp
US 8.8.8.8:53 kgrhjfmtlg.info udp
US 8.8.8.8:53 wxtnictw.net udp
US 8.8.8.8:53 wwmymumasq.com udp
US 8.8.8.8:53 furqtetgi.org udp
US 8.8.8.8:53 dfxkduejpeh.org udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 oezkduhsd.info udp
US 8.8.8.8:53 egdfntn.info udp
US 8.8.8.8:53 pqfhvw.info udp
US 8.8.8.8:53 vwcwzqosey.info udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 fcdnfwkm.net udp
US 8.8.8.8:53 rgrjjaubhgb.info udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 drnulndsf.net udp
US 8.8.8.8:53 yuimwogi.org udp
US 8.8.8.8:53 dwfsjyabfex.info udp
US 8.8.8.8:53 idhvodxl.info udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 hiegjhb.com udp
US 8.8.8.8:53 irixgsenfexl.info udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 nawwvylul.info udp
US 8.8.8.8:53 bhpmiura.info udp
US 8.8.8.8:53 skggci.org udp
US 8.8.8.8:53 aqglpgaa.info udp
US 8.8.8.8:53 mikqyy.org udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 cumksuqc.com udp
US 8.8.8.8:53 vzbsvdpik.net udp
US 8.8.8.8:53 xdhwreuarc.info udp
US 8.8.8.8:53 xefehixwaiz.info udp
US 8.8.8.8:53 ebcwmxakhqqf.net udp
US 8.8.8.8:53 htyvjr.net udp
US 8.8.8.8:53 sgtlssukpxz.info udp
US 8.8.8.8:53 baklnwb.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 fgihdutz.info udp
US 8.8.8.8:53 xawmnvlfjmx.info udp
US 8.8.8.8:53 vhsbrhvvwszk.info udp
US 8.8.8.8:53 ywnmkrytvbnl.net udp
US 8.8.8.8:53 nzdxdlbejjo.info udp
US 8.8.8.8:53 hbfhnglsr.com udp
US 8.8.8.8:53 zvfdrbbssdhd.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 aquwqqxaf.info udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 psncnubqvkb.com udp
US 8.8.8.8:53 topdlyikvdf.org udp
US 8.8.8.8:53 yzpxnbck.info udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 bxwntoaug.net udp
US 8.8.8.8:53 eassyk.com udp
US 8.8.8.8:53 pcupzuilhn.net udp
US 8.8.8.8:53 iatgmbdmn.info udp
US 8.8.8.8:53 nbjylepcjdin.info udp
US 8.8.8.8:53 whlulmi.info udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 fwlwxubhm.com udp
US 8.8.8.8:53 bxhgfks.net udp
US 8.8.8.8:53 gifvdciarzgb.info udp
US 8.8.8.8:53 lmpmoqulqfp.info udp
US 8.8.8.8:53 szsvybhoqq.net udp
US 8.8.8.8:53 nlxllh.net udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 ooekgiqgysmk.org udp
US 8.8.8.8:53 dctwvtpeu.net udp
US 8.8.8.8:53 cyeimkweuwmy.com udp
US 8.8.8.8:53 njrrvxbutg.net udp
US 8.8.8.8:53 vsrilyj.org udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 asviyilov.info udp
US 8.8.8.8:53 ikmfhpff.info udp
US 8.8.8.8:53 nfyloqwv.net udp
US 8.8.8.8:53 lbhjeutt.net udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 ymkugu.com udp
US 8.8.8.8:53 putqyeb.net udp
US 8.8.8.8:53 knjihpdgrb.net udp
US 8.8.8.8:53 xjqsbvfw.net udp
US 8.8.8.8:53 ydrgxnrwbv.info udp
US 8.8.8.8:53 quxwpwsminf.net udp
US 8.8.8.8:53 kuofau.info udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 fkspnhzu.info udp
US 8.8.8.8:53 tuvdqcuircn.com udp
US 8.8.8.8:53 urlgyoll.net udp
US 8.8.8.8:53 bjfsfiztdka.net udp
US 8.8.8.8:53 kibsbogss.net udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 hitmosblryv.org udp
US 8.8.8.8:53 nqmgyatjr.org udp
US 8.8.8.8:53 dwvthflxpfll.net udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 bbsgsb.info udp
US 8.8.8.8:53 hcrxukk.net udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 nogbdz.net udp
US 8.8.8.8:53 afxtnxfkue.net udp
US 8.8.8.8:53 okfadcsdz.net udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 drqmme.info udp
US 8.8.8.8:53 eewqmwso.com udp
US 8.8.8.8:53 yykscykafgns.net udp
US 8.8.8.8:53 suwkhodgqgb.info udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 lksltyb.info udp
US 8.8.8.8:53 wauwhup.net udp
US 8.8.8.8:53 uyiwiooi.com udp
US 8.8.8.8:53 hltjygx.com udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 ewzgsqreozs.net udp
US 8.8.8.8:53 gkxvzl.info udp
US 8.8.8.8:53 riaxtjzzxwke.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 fibebaoanol.net udp
US 8.8.8.8:53 hjcnpiqcksax.info udp
US 8.8.8.8:53 fkdgakrwl.com udp
US 8.8.8.8:53 nwakcvqetddt.info udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 ygdikrhxllsg.net udp
US 8.8.8.8:53 bjeseotnvz.info udp
US 8.8.8.8:53 eefufemkpwq.info udp
US 8.8.8.8:53 dwdclmj.net udp
US 8.8.8.8:53 hpmldefspwu.com udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 rtxhbwsxlz.info udp
US 8.8.8.8:53 rpecwiq.info udp
US 8.8.8.8:53 snzhdn.net udp
US 8.8.8.8:53 dbiokrlu.net udp
US 8.8.8.8:53 dwpmcwemx.net udp
US 8.8.8.8:53 rkhezmt.info udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 anlmsuk.net udp
US 8.8.8.8:53 gimkegse.com udp
US 8.8.8.8:53 xhelqstzfv.net udp
US 8.8.8.8:53 ccmwtug.net udp
US 8.8.8.8:53 nezwtaxtz.org udp
US 8.8.8.8:53 uylsetsmxzrf.net udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 hwlocedal.net udp
US 8.8.8.8:53 vnztbp.net udp
US 8.8.8.8:53 sijwoachx.info udp
US 8.8.8.8:53 xejcfc.info udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 jjgtrtduqwlw.net udp
US 8.8.8.8:53 ycnhry.info udp
US 8.8.8.8:53 pxlzfrnwpd.info udp
US 8.8.8.8:53 spjzdh.info udp
US 8.8.8.8:53 mdvmxsyqns.net udp
US 8.8.8.8:53 vshipyyrj.com udp
US 8.8.8.8:53 qyfarqhcyow.net udp
US 8.8.8.8:53 xcgctqfrpvxn.net udp
US 8.8.8.8:53 kwhnlsvlrlt.info udp
US 8.8.8.8:53 caxmjcdev.info udp
US 8.8.8.8:53 fvnnnpcs.net udp
US 8.8.8.8:53 eebrhvheishc.net udp
US 8.8.8.8:53 gwwmcqsioaki.org udp
US 8.8.8.8:53 xxcsfot.com udp
US 8.8.8.8:53 dctqforwk.com udp
US 8.8.8.8:53 sqsokwlctiv.net udp
US 8.8.8.8:53 rmrkccttr.org udp
US 8.8.8.8:53 cqfqxobwdqz.net udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 hxmirbrwnx.net udp
US 8.8.8.8:53 xefmfrjarcyl.net udp
US 8.8.8.8:53 udjfavgm.info udp
US 8.8.8.8:53 hypkakhlmy.info udp
US 8.8.8.8:53 nebmlmbvdbt.net udp
US 8.8.8.8:53 qpoxyujkvzdq.net udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 tghclnarytma.info udp
US 8.8.8.8:53 xupazehwp.net udp
US 8.8.8.8:53 sxadhrfw.net udp
US 8.8.8.8:53 bcmsblrvn.com udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 pbtabuhk.info udp
US 8.8.8.8:53 cevjorb.net udp
US 8.8.8.8:53 pnpcmnsq.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 vteivueg.net udp
US 8.8.8.8:53 yugemkui.org udp
US 8.8.8.8:53 wgieme.org udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 cweusaqwyy.com udp
US 8.8.8.8:53 wkieugyu.org udp
US 8.8.8.8:53 dwdzzshf.info udp
US 8.8.8.8:53 sktrrja.net udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 iedslrsij.info udp
US 8.8.8.8:53 awvgtxs.net udp
US 8.8.8.8:53 jnyucbxilcsr.net udp
US 8.8.8.8:53 qchgxvcnjr.net udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 njmkhnhyeyt.info udp
US 8.8.8.8:53 iclghlmadq.info udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 bikedyb.info udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 tiiaoedhb.net udp
US 8.8.8.8:53 cazqdydnn.net udp
US 8.8.8.8:53 iumisc.org udp
US 8.8.8.8:53 qwxzcsyxlz.info udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 ayuscuek.com udp
US 8.8.8.8:53 wlqfxq.info udp
US 8.8.8.8:53 qqynzrjbca.info udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 xrqhfhlwz.net udp
US 8.8.8.8:53 zycybalekwv.info udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 wiglykwae.net udp
US 8.8.8.8:53 uzoqhk.net udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 uyoful.net udp
US 8.8.8.8:53 ugiqoyya.org udp
US 8.8.8.8:53 txrpnqwau.com udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 phsplyh.com udp
US 8.8.8.8:53 dhswvice.info udp
US 8.8.8.8:53 ldgqcyohky.net udp
US 8.8.8.8:53 otryhsc.info udp
US 8.8.8.8:53 wjhzqdttqy.net udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 rrnqjuyxl.net udp
US 8.8.8.8:53 gqfcvchwv.net udp
US 8.8.8.8:53 rwsfirgnpvxv.net udp
US 8.8.8.8:53 wkqicslhlkj.net udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 hknixwdknue.info udp
US 8.8.8.8:53 eejwdarmswx.info udp
US 8.8.8.8:53 pilegl.info udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 toogpycl.net udp
US 8.8.8.8:53 hefxpc.info udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 vovigazhvcj.org udp
US 8.8.8.8:53 jwxmiyimh.info udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 ucfsrzl.net udp
US 8.8.8.8:53 iotrojfwi.net udp
US 8.8.8.8:53 psdrzelyr.net udp
US 8.8.8.8:53 ogyytydxjeg.net udp
US 8.8.8.8:53 nllgvmc.info udp
NL 173.194.69.94:80 c.pki.goog tcp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 gazefmucduz.info udp
US 8.8.8.8:53 byahpmmju.info udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 tvjwnhkq.info udp
US 8.8.8.8:53 qycmme.org udp
US 8.8.8.8:53 twchowfkdfy.info udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 lmfhvluqdkb.info udp
US 8.8.8.8:53 iixjlujr.net udp
US 8.8.8.8:53 rudzlytvi.org udp
US 8.8.8.8:53 vuwypato.net udp
US 8.8.8.8:53 eokvub.info udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 putfxqv.org udp
US 8.8.8.8:53 mixyjfr.net udp
US 8.8.8.8:53 pqfcliu.org udp
US 8.8.8.8:53 lttmgntl.net udp
US 8.8.8.8:53 wfdjjbuwx.net udp
US 8.8.8.8:53 zmrepgnoibe.info udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 boveifnpgvxq.net udp
US 8.8.8.8:53 hjtfpdfkzg.info udp
US 8.8.8.8:53 jzqonorgpq.net udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 tufusplsdxvj.net udp
US 8.8.8.8:53 nefsbc.info udp
US 8.8.8.8:53 zxpxavfqys.info udp
US 8.8.8.8:53 nqvylcjvko.info udp
US 8.8.8.8:53 banxxjtu.info udp
US 8.8.8.8:53 kbpowlplzt.net udp
US 8.8.8.8:53 ewfejgwko.net udp
US 8.8.8.8:53 zwfigpu.net udp
US 8.8.8.8:53 ntgmyuncdyh.com udp
US 8.8.8.8:53 rpasznfyus.info udp
US 8.8.8.8:53 tgyuhya.org udp
US 8.8.8.8:53 valeuyecu.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 qgckrlsofxv.net udp
US 8.8.8.8:53 fkppuezspib.com udp
US 8.8.8.8:53 kccioukecmim.com udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 ukicmwccsksg.org udp
US 8.8.8.8:53 eoukqmgi.com udp
US 8.8.8.8:53 qwmfzgh.info udp
US 8.8.8.8:53 oubbvffehirr.net udp
US 8.8.8.8:53 xapcpzpsr.net udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 aabbtrsevgil.net udp
US 8.8.8.8:53 zgfmqgzla.info udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 ksnelpckjan.info udp
US 8.8.8.8:53 kakqia.org udp
US 8.8.8.8:53 ddwnke.net udp
US 8.8.8.8:53 auzklmfpnkz.net udp
US 8.8.8.8:53 oqoqyegi.org udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 bdwxbm.info udp
US 8.8.8.8:53 ywcuciss.com udp
US 8.8.8.8:53 mkmyukcioyeo.com udp
US 8.8.8.8:53 pgzzsenlrf.net udp
US 8.8.8.8:53 vewnsadvvzgc.net udp
US 8.8.8.8:53 wwmwwwgseu.com udp
US 8.8.8.8:53 xhdztsfyg.com udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 hcfanww.org udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 rufzowcaezwh.net udp
US 8.8.8.8:53 febgqot.net udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 ulicbcr.net udp
US 8.8.8.8:53 wkgywmyeki.org udp
US 8.8.8.8:53 ralmdt.net udp
US 8.8.8.8:53 fsdozey.net udp
US 8.8.8.8:53 rrjkne.info udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 hmxnvffibizr.info udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 jaffgk.net udp
US 8.8.8.8:53 kzgoskiin.net udp
US 8.8.8.8:53 bvttlksj.net udp
US 8.8.8.8:53 yatfbfnkl.net udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 yojoluu.net udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 tcrcve.info udp
US 8.8.8.8:53 vddmfabc.info udp
US 8.8.8.8:53 awsiawcq.org udp
US 8.8.8.8:53 nftkcwptb.info udp
US 8.8.8.8:53 nebhgldc.info udp
US 8.8.8.8:53 korjkotedahq.net udp
US 8.8.8.8:53 xtzzkj.net udp
US 8.8.8.8:53 gqochr.info udp
US 8.8.8.8:53 siqwem.org udp
US 8.8.8.8:53 eucaekim.com udp
US 8.8.8.8:53 iivixanid.info udp
US 8.8.8.8:53 dbxwtxbukejo.net udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 gusuke.org udp
US 8.8.8.8:53 nqwwnbcw.info udp
US 8.8.8.8:53 vnkapyllfo.info udp
US 8.8.8.8:53 qkrrxy.info udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 wwgylwxue.net udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 gqrmaszaq.net udp
US 8.8.8.8:53 byqkbud.org udp
US 8.8.8.8:53 zzlgnpbb.net udp
US 8.8.8.8:53 jodyzyektjoa.net udp
US 8.8.8.8:53 syrvegxmyao.net udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 ecucoywi.com udp
US 8.8.8.8:53 rwfqsmq.org udp
US 8.8.8.8:53 uamchac.net udp
US 8.8.8.8:53 yaciqwoc.com udp
US 8.8.8.8:53 maeunkze.info udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 agquggwccgcu.org udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 tgerhszutdf.info udp
US 8.8.8.8:53 dvpumxrcjj.info udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 zzxxbm.info udp
US 8.8.8.8:53 ikzgmyh.net udp
US 8.8.8.8:53 chbhdpxg.info udp
US 8.8.8.8:53 qjfsolx.net udp
US 8.8.8.8:53 jsdceqa.org udp
US 8.8.8.8:53 ewayssyimayu.com udp
US 8.8.8.8:53 wghmtufllo.info udp
US 8.8.8.8:53 yqakwgki.com udp
US 8.8.8.8:53 tdjucxngzkm.info udp
US 8.8.8.8:53 xplsdbpr.info udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 qduozsaxfjr.net udp
US 8.8.8.8:53 uapqdyz.net udp
US 8.8.8.8:53 viyylrhutj.info udp
US 8.8.8.8:53 bcxkaty.net udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 zgkqiuvn.net udp
US 8.8.8.8:53 hpaiqkiwj.net udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 hupyrfg.net udp
US 8.8.8.8:53 ftattwjnx.info udp
US 8.8.8.8:53 ownwhso.net udp
US 8.8.8.8:53 pebloxnvlik.info udp
US 8.8.8.8:53 rqhgyujrhx.info udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 dtqero.net udp
US 8.8.8.8:53 dmxhjyzojzl.org udp
US 8.8.8.8:53 eczbvkmmuzj.net udp
US 8.8.8.8:53 hclysgrmv.info udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 ugwglyfyf.info udp
US 8.8.8.8:53 swcogsowck.org udp
US 8.8.8.8:53 tqbytkybrmn.info udp
US 8.8.8.8:53 oyemaqoauewo.com udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 pqvkojdizyzf.net udp
US 8.8.8.8:53 yuzgapg.info udp
US 8.8.8.8:53 dryqnamp.net udp
US 8.8.8.8:53 drgvvqqbal.info udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 zpdehcee.info udp
US 8.8.8.8:53 mxtzpiijrk.net udp
US 8.8.8.8:53 lqchmehqvkb.com udp
US 8.8.8.8:53 irlmvlrya.net udp
US 8.8.8.8:53 wppitxsqbfdd.info udp
US 8.8.8.8:53 eusism.org udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 znldfvzcyxfb.net udp
US 8.8.8.8:53 fhlkjmn.info udp
US 8.8.8.8:53 agjshwl.net udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 qmrqnnaibpbj.info udp
US 8.8.8.8:53 xdseensu.net udp
US 8.8.8.8:53 imfalkfpz.net udp
US 8.8.8.8:53 fzzyjbnmo.com udp
US 8.8.8.8:53 bnqklklisc.net udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 wumrdat.info udp
US 8.8.8.8:53 fipevzrwlwr.net udp
US 8.8.8.8:53 hahdyfaem.org udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 qacqlus.net udp
US 8.8.8.8:53 jwwdskqyu.com udp
US 8.8.8.8:53 dxlmrdr.com udp
US 8.8.8.8:53 ymguwlriv.net udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 nypszp.net udp
US 8.8.8.8:53 kszwwovoa.info udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 zvlcbkcwf.org udp
US 8.8.8.8:53 tyysliseisn.com udp
US 8.8.8.8:53 daaqgxh.net udp
US 8.8.8.8:53 zorscdz.org udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 rztamj.net udp
US 8.8.8.8:53 ikrlkokclxt.info udp
US 8.8.8.8:53 dmfqysc.com udp
US 8.8.8.8:53 gokkpxhntyr.info udp
US 8.8.8.8:53 pzsrnn.info udp
US 8.8.8.8:53 yxetabbuwenv.net udp
US 8.8.8.8:53 oskumy.org udp
US 8.8.8.8:53 tjwytizs.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 iovtfshfmj.net udp
US 8.8.8.8:53 njfyfbyxvr.net udp
US 8.8.8.8:53 mcdqwqh.net udp
US 8.8.8.8:53 geuymww.info udp
US 8.8.8.8:53 dcrmnkcezmr.com udp
US 8.8.8.8:53 wubngvnil.info udp
US 8.8.8.8:53 eihzzkta.net udp
US 8.8.8.8:53 nvopelbb.info udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 ubzqjhdqpu.info udp
US 8.8.8.8:53 mccikmiaqu.com udp
US 8.8.8.8:53 knjatymw.net udp
US 8.8.8.8:53 tutczuf.info udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 kwthxhnh.net udp
US 8.8.8.8:53 imetsvuscwn.net udp
US 8.8.8.8:53 digqzs.net udp
US 8.8.8.8:53 ncbgkqppdaap.net udp
US 8.8.8.8:53 viwyrwydb.org udp
US 8.8.8.8:53 asqqtmhqdgl.net udp
US 8.8.8.8:53 yuwayo.org udp
US 8.8.8.8:53 rqnxifizgwsj.net udp
US 8.8.8.8:53 pvbywcgwysfu.net udp
US 8.8.8.8:53 jawipes.com udp
US 8.8.8.8:53 zkogzgxamor.net udp
US 8.8.8.8:53 pzpwaa.info udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 jupcjjpuvahh.info udp
US 8.8.8.8:53 iuysik.org udp
US 8.8.8.8:53 mkwyumsqio.org udp
US 8.8.8.8:53 filytkg.info udp
US 8.8.8.8:53 ugasoq.org udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 hkpmfin.com udp
US 8.8.8.8:53 mmfwzxtir.info udp
US 8.8.8.8:53 fielxk.net udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 keggicyq.com udp
US 8.8.8.8:53 bnwsvo.net udp
US 8.8.8.8:53 zcrnalnsp.com udp
US 8.8.8.8:53 wkfjjahqvkk.info udp
US 8.8.8.8:53 hxockobonvj.com udp
US 8.8.8.8:53 xvvtfuz.net udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 rufmzfcypmh.net udp
US 8.8.8.8:53 rpqctxfbtcfy.net udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 eswkcsckskqo.com udp
US 8.8.8.8:53 jkllshdedl.net udp
US 8.8.8.8:53 xduorrxy.net udp
US 8.8.8.8:53 movurehtpxqz.net udp
US 8.8.8.8:53 qgaouusyawia.com udp
US 8.8.8.8:53 ielkjlnarv.info udp
US 8.8.8.8:53 jniovum.net udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 eiiuqsumuw.com udp
US 8.8.8.8:53 jfludhaebi.net udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 xsddrjpcbt.net udp
US 8.8.8.8:53 aaftpevwng.net udp
US 8.8.8.8:53 hlxletjqec.info udp
US 8.8.8.8:53 pijpnex.com udp
US 8.8.8.8:53 ycsmmmyk.com udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 ueveosnohdh.net udp
US 8.8.8.8:53 cnuqnfyyaj.net udp
US 8.8.8.8:53 agekagsmye.org udp
US 8.8.8.8:53 guoasgeikiyg.org udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 vqxulk.info udp
US 8.8.8.8:53 rbuifxjegy.net udp
US 8.8.8.8:53 mpomyenylv.info udp
US 8.8.8.8:53 kuwoeiokmoac.org udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 gyfmhypcnav.info udp
US 8.8.8.8:53 vhtzfesbxtru.info udp
US 8.8.8.8:53 fkgidsdepmn.com udp
US 8.8.8.8:53 rgmudgkbvf.info udp
US 8.8.8.8:53 xfgmmkszwu.info udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 vmtkgndcoij.com udp
US 8.8.8.8:53 xqnczyq.info udp
US 8.8.8.8:53 skncckcqfkn.info udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 zgekwepzpsao.info udp
US 8.8.8.8:53 vuleibjrjt.net udp
US 8.8.8.8:53 lqnvccbbqop.com udp
US 8.8.8.8:53 ourctfsmkg.net udp
US 8.8.8.8:53 nanszgashef.com udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 lbagzrrjrniq.info udp
US 8.8.8.8:53 lvnxngt.org udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 vffbjkwotiky.info udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 kzbicp.info udp
US 8.8.8.8:53 ytwjljzupb.info udp
US 8.8.8.8:53 auvmsmnazmj.info udp
US 8.8.8.8:53 dmyidig.com udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 dkbipwdqxwz.com udp
US 8.8.8.8:53 agmwfmugt.info udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 gqooqkquymuw.org udp
US 8.8.8.8:53 lcxlvagnywpq.info udp
US 8.8.8.8:53 jyludl.net udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 dxzznd.info udp
US 8.8.8.8:53 iwfotnxdx.net udp
US 8.8.8.8:53 bklljpa.info udp
US 8.8.8.8:53 sntyyq.info udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 aaaygycqumuk.com udp
US 8.8.8.8:53 ampocuhbjsy.info udp
US 8.8.8.8:53 zozmtbrlztly.net udp
US 8.8.8.8:53 xyxtdrtw.net udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 gkammqok.com udp
US 8.8.8.8:53 robtrede.net udp
US 8.8.8.8:53 fneoyxja.net udp
US 8.8.8.8:53 ksugllygfw.info udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 lialdcn.info udp
US 8.8.8.8:53 trlglgdvk.net udp
US 8.8.8.8:53 awimws.org udp
US 8.8.8.8:53 mjhrpurtf.info udp
US 8.8.8.8:53 ucxkhcb.net udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 pctgjkc.net udp
US 8.8.8.8:53 kfbrthxyceir.net udp
US 8.8.8.8:53 agkoayoumeoy.com udp
US 8.8.8.8:53 lzlmbotfc.info udp
US 8.8.8.8:53 xzorndrepw.info udp
US 8.8.8.8:53 haymflbcn.org udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 drqvpb.info udp
US 8.8.8.8:53 zzqjto.net udp
US 8.8.8.8:53 rwdhnq.info udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 igxzbkqihqf.net udp
US 8.8.8.8:53 eorobfj.info udp
US 8.8.8.8:53 rvxfakieiy.net udp
US 8.8.8.8:53 vsltvpo.org udp
US 8.8.8.8:53 nnlukz.net udp
US 8.8.8.8:53 pegubidpd.com udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 ttkfqpjt.info udp
US 8.8.8.8:53 qeqiiyiweo.com udp
US 8.8.8.8:53 bizcxz.info udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 pvzyfdpvfe.net udp
US 8.8.8.8:53 alhwlmih.net udp
US 8.8.8.8:53 latudsbun.info udp
US 8.8.8.8:53 rrxzdwmrr.net udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 snhzhakufssh.info udp
US 8.8.8.8:53 cmxfojwmoz.info udp
US 8.8.8.8:53 gmtgfgvnhp.net udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 nyefvbndeu.info udp
US 8.8.8.8:53 tzbcap.info udp
US 8.8.8.8:53 zlbmsinil.net udp
US 8.8.8.8:53 baaytfoiqlfp.info udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 iyjofui.info udp
US 8.8.8.8:53 xcujivgaamjj.net udp
US 8.8.8.8:53 tdfkdijpra.info udp
US 8.8.8.8:53 yscmgi.com udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 iuioekiyqm.org udp
US 8.8.8.8:53 xtzgsogf.net udp
US 8.8.8.8:53 empaiqmewsb.net udp
US 8.8.8.8:53 xudpqweca.net udp
US 8.8.8.8:53 byvnpqlotrrp.info udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 kwvxwiszjpg.info udp
US 8.8.8.8:53 rtgoiw.info udp
US 8.8.8.8:53 vrnddrrmxh.info udp
US 8.8.8.8:53 lamvamrqv.com udp
US 8.8.8.8:53 cywiic.com udp
US 8.8.8.8:53 tvjamwoum.org udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 eqigwesc.org udp
US 8.8.8.8:53 uqcukumiws.com udp
US 8.8.8.8:53 ooogqmia.org udp
US 8.8.8.8:53 flvekobb.net udp
US 8.8.8.8:53 ahaarpz.net udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 fzlxheby.info udp
US 8.8.8.8:53 phtcxqxsryr.org udp
US 8.8.8.8:53 hcyquvdojcrh.info udp
US 8.8.8.8:53 msvcpvheg.net udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 hfibjixcnv.net udp
US 8.8.8.8:53 xczqpfsq.net udp
US 8.8.8.8:53 hmduoav.com udp
US 8.8.8.8:53 pfhkgjudyr.info udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 rgixcydenwn.net udp
US 8.8.8.8:53 guwwmecwge.org udp
US 8.8.8.8:53 riggkatwk.info udp
US 8.8.8.8:53 ptpqkybdbmr.net udp
US 8.8.8.8:53 tzugdgob.info udp
US 8.8.8.8:53 surlhyf.info udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 xolafyo.org udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 ynxdfrnwlk.net udp
US 8.8.8.8:53 agtatmwgh.info udp
US 8.8.8.8:53 gdgezthffsru.net udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 btfapfuh.net udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 heqixmqykt.net udp
US 8.8.8.8:53 hdnpuunbc.com udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 wkldqrkpaz.info udp
US 8.8.8.8:53 pvuscboenez.net udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 kkpknttwdyv.net udp
US 8.8.8.8:53 gsmalljblrdo.info udp
US 8.8.8.8:53 quwhjoarj.net udp
US 8.8.8.8:53 ycngvplmaqu.info udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 wamggmuagesg.org udp
US 8.8.8.8:53 mpytks.net udp
US 8.8.8.8:53 wipdsls.info udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 dzrxfy.info udp
US 8.8.8.8:53 yiuvtuhapdae.net udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 omfuoaf.info udp
US 8.8.8.8:53 xszojlob.info udp
US 8.8.8.8:53 zwpaxq.net udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 nfaipqjzchhx.net udp
US 8.8.8.8:53 psrrqakzlx.info udp
US 8.8.8.8:53 ykqgwahalan.info udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 dahxrm.net udp
US 8.8.8.8:53 pxwtkcla.info udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 scukugf.info udp
US 8.8.8.8:53 zorxtqbyj.org udp
US 8.8.8.8:53 qmtgqnjgdvw.info udp
US 8.8.8.8:53 eylkbkpal.info udp
US 8.8.8.8:53 wwkaqu.com udp
US 8.8.8.8:53 zutwnqqcpgb.info udp
US 8.8.8.8:53 juptfrx.info udp
US 8.8.8.8:53 ckmiohrnxguw.info udp
US 8.8.8.8:53 ggbfhz.info udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 zhqbxjxl.net udp
US 8.8.8.8:53 twaonbuasalj.info udp
US 8.8.8.8:53 zqzplwdvydhi.info udp
US 8.8.8.8:53 kccyca.org udp
US 8.8.8.8:53 ldzsmv.info udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 enpdlrdx.info udp
US 8.8.8.8:53 ibavrxzyut.info udp
US 8.8.8.8:53 sfexbzvriz.info udp
US 8.8.8.8:53 saaica.com udp
US 8.8.8.8:53 rolqtyt.net udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 igukoe.com udp
US 8.8.8.8:53 hejrqzjozrv.net udp
US 8.8.8.8:53 voouver.com udp
US 8.8.8.8:53 iinaksrbyo.net udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 fdxqzu.net udp
US 8.8.8.8:53 ungykx.net udp
US 8.8.8.8:53 tfatha.info udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 zanjbg.info udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 pbhqdnhg.info udp
US 8.8.8.8:53 debujzrsrye.info udp
US 8.8.8.8:53 akyuesckcymm.com udp
US 8.8.8.8:53 qmdyrizcryn.info udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 egxaiwoicmy.info udp
US 8.8.8.8:53 wkvqgpfvda.net udp
US 8.8.8.8:53 dcpsztks.info udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 aqsoqywk.com udp
US 8.8.8.8:53 lputegbv.net udp
US 8.8.8.8:53 lmzpabhapojl.info udp
US 8.8.8.8:53 nmdetfzlud.info udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 fwokxwu.info udp
US 8.8.8.8:53 scgvvbjqc.info udp
US 8.8.8.8:53 xqirhc.net udp
US 8.8.8.8:53 bagxut.net udp
US 8.8.8.8:53 scmsci.org udp
US 8.8.8.8:53 fvqzjnxplmzr.info udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 vehuxguwz.info udp
US 8.8.8.8:53 icrhumtu.net udp
US 8.8.8.8:53 qskiyoqikk.com udp
US 8.8.8.8:53 mxhenepsp.info udp
US 8.8.8.8:53 njmcziusyml.net udp
US 8.8.8.8:53 jmmateeavgp.info udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 velqbkv.info udp
US 8.8.8.8:53 igqvvogjhgke.net udp
US 8.8.8.8:53 qmpmvfnqr.net udp
US 8.8.8.8:53 jafrwjovcmrn.info udp
US 8.8.8.8:53 bavppixu.net udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 hijsjf.info udp
US 8.8.8.8:53 fbdwwo.info udp
US 8.8.8.8:53 qioeyikiskio.org udp
US 8.8.8.8:53 xnbezwdl.info udp
US 8.8.8.8:53 nygadseimxh.net udp
US 8.8.8.8:53 lrvnbqgx.net udp
US 8.8.8.8:53 fcpvwc.net udp
US 8.8.8.8:53 gikowiqguw.org udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 ysegwwus.org udp
US 8.8.8.8:53 dtstyn.net udp
US 8.8.8.8:53 pyglbynwx.net udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 jfroicpmkxr.net udp
US 8.8.8.8:53 hgneekowjoj.org udp
US 8.8.8.8:53 vyiinszciag.org udp
US 8.8.8.8:53 sybpyrua.info udp
US 8.8.8.8:53 biydbwv.com udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 jqfwjntsqchn.info udp
US 8.8.8.8:53 swyacu.org udp
US 8.8.8.8:53 gdupknvkvigp.info udp
US 8.8.8.8:53 msaeugqyakco.org udp
US 8.8.8.8:53 aqbhbyrotuh.net udp
US 8.8.8.8:53 hcjgrdz.org udp
US 8.8.8.8:53 fwvgxbjszlf.org udp
US 8.8.8.8:53 rtxghrbibwqh.net udp
US 8.8.8.8:53 hafdvljslobr.net udp
US 8.8.8.8:53 zzwpverv.info udp
US 8.8.8.8:53 nafyty.info udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 zozisczxsmh.net udp
US 8.8.8.8:53 sgbyejuxqv.net udp
US 8.8.8.8:53 mmjzgaj.net udp
US 8.8.8.8:53 mxbsqgqmjz.info udp
US 8.8.8.8:53 mckgeuwkoc.com udp
US 8.8.8.8:53 wwpgagmql.info udp
US 8.8.8.8:53 liedpedyv.net udp
US 8.8.8.8:53 hdmevlj.org udp
US 8.8.8.8:53 macgoah.info udp
US 8.8.8.8:53 hnnkpzbc.info udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 pfdssuhydjv.net udp
US 8.8.8.8:53 belyhqdwi.org udp
US 8.8.8.8:53 pqhhxiajzyro.info udp
US 8.8.8.8:53 beapxyg.com udp
US 8.8.8.8:53 rdakzgyml.com udp
US 8.8.8.8:53 wytsbmvhy.net udp
US 8.8.8.8:53 urtpbpppbrvq.net udp
US 8.8.8.8:53 fixijml.org udp
US 8.8.8.8:53 tctwdwo.net udp
US 8.8.8.8:53 sxynfilb.net udp
US 8.8.8.8:53 zxthlskvhg.net udp
US 8.8.8.8:53 obvsnxpqi.info udp
US 8.8.8.8:53 bvrlxiawb.net udp
US 8.8.8.8:53 tyordop.org udp
US 8.8.8.8:53 zsfzjrokut.info udp
US 8.8.8.8:53 halweqjvx.net udp
US 8.8.8.8:53 myiosmuucuck.org udp
US 8.8.8.8:53 ctkdzswq.net udp
US 8.8.8.8:53 guoauq.com udp
US 8.8.8.8:53 ztfzzf.net udp
US 8.8.8.8:53 bujydax.net udp
US 8.8.8.8:53 lfrlruwayazs.info udp
US 8.8.8.8:53 aixeraldn.info udp
US 8.8.8.8:53 sxsydftugfl.net udp
US 8.8.8.8:53 vgosjbcebax.info udp
US 8.8.8.8:53 qtrvkxnp.net udp
US 8.8.8.8:53 msoiygcw.org udp
US 8.8.8.8:53 gmjshx.net udp
US 8.8.8.8:53 ohvaeippmatj.info udp
US 8.8.8.8:53 gwuughj.net udp
US 8.8.8.8:53 najirqt.org udp
US 8.8.8.8:53 cqqgpzvkyjab.net udp
US 8.8.8.8:53 tglwpu.net udp
US 8.8.8.8:53 jntxuexoq.net udp
US 8.8.8.8:53 ksqwgokwycic.org udp
US 8.8.8.8:53 aspcjycc.net udp
US 8.8.8.8:53 iuiepxhobgj.net udp
US 8.8.8.8:53 omrypuzatwd.net udp
US 8.8.8.8:53 bmxlrhxayrbg.info udp
US 8.8.8.8:53 pzjpoyfpns.net udp
US 8.8.8.8:53 hnhoxv.net udp
US 8.8.8.8:53 zthzxx.info udp
US 8.8.8.8:53 yeuaeykucywm.org udp
US 8.8.8.8:53 ejpdqikairvo.info udp
US 8.8.8.8:53 ycqowicu.com udp
US 8.8.8.8:53 tikqtercmfvh.info udp
US 8.8.8.8:53 gihqiibmmx.info udp
US 8.8.8.8:53 tpegpatynkb.com udp
US 8.8.8.8:53 ssgqsckw.com udp
US 8.8.8.8:53 bibuxrxez.info udp
US 8.8.8.8:53 iqksueeqisca.org udp
US 8.8.8.8:53 ommyouwokg.org udp
US 8.8.8.8:53 iixablrrj.info udp
US 8.8.8.8:53 yiccfxwn.info udp
US 8.8.8.8:53 guoivvrolqfn.info udp
US 8.8.8.8:53 rpxqbc.net udp
US 8.8.8.8:53 jkepidbal.com udp
US 8.8.8.8:53 nqvtbwbpgq.info udp
US 8.8.8.8:53 nazuhcgmve.net udp
US 8.8.8.8:53 igdsxajduqk.info udp
US 8.8.8.8:53 mgkagcgygiii.com udp
US 8.8.8.8:53 cxritgbkwiqj.net udp
US 8.8.8.8:53 cgswscoo.org udp
US 8.8.8.8:53 mnfjlsw.net udp
US 8.8.8.8:53 yeegmfynaagr.info udp
US 8.8.8.8:53 bsjnrgg.net udp
US 8.8.8.8:53 yhgoce.info udp
US 8.8.8.8:53 gggzlyb.info udp
US 8.8.8.8:53 uytafts.net udp
US 8.8.8.8:53 nyiemuofzpta.info udp
US 8.8.8.8:53 saesrkycd.net udp
US 8.8.8.8:53 uyimwcckmq.org udp
US 8.8.8.8:53 yugmak.com udp
US 8.8.8.8:53 sldihwcklsr.info udp
US 8.8.8.8:53 yabgjuiyvpj.net udp
US 8.8.8.8:53 fwhnopzwqqr.com udp
US 8.8.8.8:53 gqaiguckwmiy.org udp
US 8.8.8.8:53 jybmsgtquco.info udp
US 8.8.8.8:53 ayvtux.info udp
US 8.8.8.8:53 djyzzfbetd.net udp
US 8.8.8.8:53 yqtafgfohsp.net udp
US 8.8.8.8:53 moggwqiiwksm.com udp
US 8.8.8.8:53 bflhmzhuhs.net udp
US 8.8.8.8:53 nrpqjt.info udp
US 8.8.8.8:53 qplhmmahtnvz.net udp
US 8.8.8.8:53 dazjdmxyy.org udp
US 8.8.8.8:53 uyvytotyxey.net udp
US 8.8.8.8:53 uliaatbvxtit.info udp
US 8.8.8.8:53 aouytupcj.net udp
US 8.8.8.8:53 dthrja.net udp
US 8.8.8.8:53 lkngjoezjnq.com udp
US 8.8.8.8:53 ugemcwaomeig.org udp
US 8.8.8.8:53 pckodoqwh.info udp
US 8.8.8.8:53 naajaftqhqr.com udp
US 8.8.8.8:53 vnpxusbqkyzc.net udp
US 8.8.8.8:53 kmwvcwxa.info udp
US 8.8.8.8:53 wrbgtg.info udp
US 8.8.8.8:53 txedrdkl.info udp
US 8.8.8.8:53 aynuvhplc.net udp
US 8.8.8.8:53 xbfhtyff.info udp
US 8.8.8.8:53 elqmvlqvwc.info udp
US 8.8.8.8:53 efnoixetnzpe.info udp
US 8.8.8.8:53 uacagqeiekya.com udp
US 8.8.8.8:53 vsswekgnat.info udp
US 8.8.8.8:53 gokokcya.com udp
US 8.8.8.8:53 zmpcqwf.net udp
US 8.8.8.8:53 nqmvkdqdrg.info udp
US 8.8.8.8:53 lmfwbghmy.com udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 tipufqd.net udp
US 8.8.8.8:53 tmypognonyp.info udp
US 8.8.8.8:53 swqffyrhfb.info udp
US 8.8.8.8:53 koieiuimyy.com udp
US 8.8.8.8:53 iafgqqooyku.net udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 zufoqnzxtstt.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 nxncouct.net udp
US 8.8.8.8:53 tsheimv.com udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 htbudy.net udp
US 8.8.8.8:53 ykplxcpzxdhg.net udp
US 8.8.8.8:53 xylfbzxczv.info udp
US 8.8.8.8:53 ctzbfg.info udp
US 8.8.8.8:53 ypbbzhuw.info udp
US 8.8.8.8:53 dvfkvhmu.net udp
US 8.8.8.8:53 rjvuhdtucy.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 mrksacjl.info udp
US 8.8.8.8:53 vvvhsnhfsr.info udp
US 8.8.8.8:53 mitbikquo.info udp
US 8.8.8.8:53 mwrptcv.net udp
US 8.8.8.8:53 ecgpfllc.info udp
US 8.8.8.8:53 yaojvxvizxfw.net udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 pesxfil.com udp
US 8.8.8.8:53 icimig.org udp
US 8.8.8.8:53 ldmcysd.org udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 ylbbxwhigc.info udp
US 8.8.8.8:53 hnvikxcezldf.net udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 symwuqksmoqk.org udp
US 8.8.8.8:53 gsxmtr.net udp
US 8.8.8.8:53 emmwgs.com udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 laxrsig.info udp
US 8.8.8.8:53 fzbzwonu.net udp
US 8.8.8.8:53 ohjpjthfof.info udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 qqocasaaiu.org udp
US 8.8.8.8:53 wcbrovxplcly.info udp
US 8.8.8.8:53 suusuu.com udp
US 8.8.8.8:53 wqhvjmzkh.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 aiosocow.org udp
US 8.8.8.8:53 fgpjmnxs.info udp
US 8.8.8.8:53 izjghbxz.info udp
US 8.8.8.8:53 nfjzfkmeh.net udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 semayokg.com udp
US 8.8.8.8:53 lbvjqa.net udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 gsuzjh.info udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 kcrwomznpeb.info udp
US 8.8.8.8:53 socydai.net udp
US 8.8.8.8:53 nnqgud.net udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 tjnezkt.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 uaooicakymqu.com udp
US 8.8.8.8:53 isrbdst.info udp
US 8.8.8.8:53 vokyfljh.info udp
US 8.8.8.8:53 hszdlqtymq.info udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 blulsn.net udp
US 8.8.8.8:53 grcanwaf.net udp
US 8.8.8.8:53 gdumwmxloqge.info udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 rbhajqjgxun.info udp
US 8.8.8.8:53 wwmymumasq.com udp
US 8.8.8.8:53 cuqmwgaumq.com udp
US 8.8.8.8:53 qdpbyazudqp.net udp
US 8.8.8.8:53 mazangbai.net udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 zyfitez.info udp

Files

C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe

MD5 669f7fc2eb7fb5c4108e38ab26bbfd96
SHA1 bb650d81826897ce7c203360f46b7575bb95c38e
SHA256 ea040ad76dc37e989ace4f6f9a35d6bf66fad6f92c91d18325285deda0b168a3
SHA512 601a1938db4d67394f1b70deea4308b7af4a1d8e3f6c2d8c85eb2901ae038114c677892a314b6ffbaa192db2d564664de5358f0739d63b1b713d53f7a0bbcd19

C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe

MD5 c01efe28cc72f758cb5548c1b0f4afe1
SHA1 23a4aae9c403e8a8484e80780ad911459332bcd6
SHA256 b8fda1b4500ac5fa17c42f664f5708ce394b039f1a18fc7e526b714df784af6b
SHA512 b1ce44a9919ea0ee91cb3b6d94522656102d95e8c5589d13736045b1919d908fa17e6bf07921e4e94cdc54f3abdc15be3c8fe82a347f6ea955e6958e045ca316

C:\Users\Admin\AppData\Local\Temp\xchrweo.exe

MD5 7fdf9607636152fa101e8eba3496b1b9
SHA1 15441a84c6b0d6129d26dd5663d675b6c9cf556c
SHA256 1fde5099f6f75d4d41f28ece6e8a3a9e17898b0a2b7ea89c426e973e7b7a2862
SHA512 83bf562a55470b11b51ceb14dc627a485de00845c7b1876e0c333eee9b66e2e8887da620e3002cad99d9ca7d96a650b54462e856c6a3d931262097c3d543b07a

C:\Users\Admin\AppData\Local\bazdceimkhaxcnxsbotsrvu.aec

MD5 d5935e046cf38c21ad6ea78fa85f9d7b
SHA1 060e42af9b8c6e051e4e5f48bcdf4bb1bfdb99cc
SHA256 cf6adeba9ad69eb161222f507db13ea00ed6647e0a9bdf6905016140274a684f
SHA512 9c487ee777f22e3c8d828685a0d691ed6b705f2f4e8ec014705edcc8d90e592606aba5ddc5eef8aa3911370203e624de2652f5b6e3dbd304e4af63c73d2403e7

C:\Users\Admin\AppData\Local\oyixhujyhptbrnioigwgqfpcrgpxbjzvqw.oeo

MD5 2a2ed55a60af08663360f53d518ac4ad
SHA1 c4f78198817d655c2456da36618b24fbdad411ea
SHA256 9b801b6ce3e0e2b61f397fa0e12c9deb4898950359411699bc2dc8909511702d
SHA512 22f2a71c5626958c6e512d11dea548aed4897b15bc4fca9181c5975d60cef6ee9b34e6e54b1acd15b06d62f77c15a5b175b759e806f063493f6c45f6c3bc7efb

C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec

MD5 92461967c100ddabd218018c2778d876
SHA1 078f639f31e13be414b9489ab0e9b207a25d4847
SHA256 9b407846fddae7e2e8c32617aaeaacc8676574b2c970627c77f52dbbf0263f97
SHA512 9ec4824eb129b8947b999e961c9ffd59b293bb8e788f8f6490bfd3fecf7b1cb4c3db42ba578765ee661751f0ef43fad1710f1f1983f8b8aa2dbe624b82777d5f

C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec

MD5 e311d3692c5a6981372001c1ecec6446
SHA1 c2d1720b9d539c74ddbe7402fabffd5ca4c87f09
SHA256 0cd65279d2db11e32040589de34c827df8aee50637e84428882411b91a092c77
SHA512 8e70228932e2c2a4f2c615075e624aaa1b21c3a4e524cc9ec3680f6bee23ea43dae8f215c0c3900a6fe44b628f6065c2022eb82b1da536ecb8995e7ecc4e59cc

C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec

MD5 3436a85d4bce198dc6597a2d9d35c423
SHA1 314da0f4d87da0d6d7e6affe0f8b0488132e64b8
SHA256 35b741ef904ad563376d79f772198bba3cfe1dc377ec7ef85650aac27e6a1b2e
SHA512 b3fe105026b6f438d0af2d9e1c957dac99893890602d09005448a2ba3f331a2a73e9f6f566ef3c2244835f14f33cf661f1ecad71b713e7ac18435671af92a590

C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec

MD5 236f518b44fce06756c24e7b7a74897c
SHA1 a6829fe2f15ac5fc302f6b5238890084df806330
SHA256 6edb50e65feffe094d66001b956fa061924e0df9e15e35580370cf34d7da7ab8
SHA512 1f4e2f575b021a1259c534370894c00a4227b6b581967812ea63ae7648c8d52078fd935ce0737c7b2cce82ed309f019c049c5c50d58d16e5afb28fe6b1fbb5d1

C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec

MD5 d455faed48248ffa5183be94475dc4ea
SHA1 344b3255ec9aff14c9169e17e22cdf944ffd070b
SHA256 6df29bf5b80876e0e0c686b0e0e12d7ef901d9e441fb242af56ab99cd501dd0e
SHA512 69406022d2811b48d4a4d1599fa55d2a6f339b27f86f6b17f5284599aaa2d465da7cc26a9e2d18b4733f42e1d473d5857f9ed612da2cf6571b1d6b2e31b1ba2b

C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec

MD5 0091bb396daf98004dd8fbbcf8c8c515
SHA1 784fe844f0446493da14ffb9abc870b7c572fa7d
SHA256 5dbc7e37012b7e5680d48b70552587a7a739ec32496035df1a791f9969ba0228
SHA512 7d511ea7d6af58fb1e5121fba702271e951f24045614761f80ef908c554504ce94c1269559f9d1dfee013e872e78a490cee6de09d906804a6d771f470f587097

C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec

MD5 30ec271e25d6da09e00334f34822a125
SHA1 48fcded115beaa8d5d5c1b1a322afd4de9f8b13d
SHA256 f07474ea3088cffde24b07cfb60ecde59aa14738376bddb7d5d51ab2a0a5caca
SHA512 b18748bd6215e871cc0d0fbd24e5c2d0da0b0f73a243addebf8a126f15022c20637bce5fd76be6d6fc40a9bbdd273e6b4c28e7663009bf7d1c738fdbea0d1b93