Malware Analysis Report

2025-08-10 16:35

Sample ID 250418-cvl6pa1qt4
Target JaffaCakes118_bc2c2e6019e42289641123c2db3584dc
SHA256 9223f4748f528658ba3ac30515cf3ac1817677baaf345441d021e98ebd8891af
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9223f4748f528658ba3ac30515cf3ac1817677baaf345441d021e98ebd8891af

Threat Level: Known bad

The file JaffaCakes118_bc2c2e6019e42289641123c2db3584dc was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Pykspa

Pykspa family

Modifies WinLogon for persistence

UAC bypass

Detect Pykspa worm

Disables RegEdit via registry modification

Adds policy Run key to start application

Checks computer location settings

Impair Defenses: Safe Mode Boot

Executes dropped EXE

Hijack Execution Flow: Executable Installer File Permissions Weakness

Checks whether UAC is enabled

Adds Run key to start application

Looks up external IP address via web service

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

System policy modification

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-18 02:23

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-18 02:23

Reported

2025-04-18 02:26

Platform

win10v2004-20250313-en

Max time kernel

41s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "zrtjiazqlbxsmnxaoskmc.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "kbcrpgeuodyslluwjmde.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "xnnbyolathbumltugiy.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "zrtjiazqlbxsmnxaoskmc.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "xnnbyolathbumltugiy.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "zrtjiazqlbxsmnxaoskmc.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "wjgrlyseufwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "kbcrpgeuodyslluwjmde.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "zrtjiazqlbxsmnxaoskmc.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "zrtjiazqlbxsmnxaoskmc.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "wjgrlyseufwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "xnnbyolathbumltugiy.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "wjgrlyseufwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnnbyolathbumltugiy.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "wjgrlyseufwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnnbyolathbumltugiy.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "xnnbyolathbumltugiy.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "kbcrpgeuodyslluwjmde.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\mbanjyuiangypnuufg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\mbanjyuiangypnuufg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\xnnbyolathbumltugiy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\mbanjyuiangypnuufg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\mbanjyuiangypnuufg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\xnnbyolathbumltugiy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\drpbwkfsjvneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\wjgrlyseufwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\kbcrpgeuodyslluwjmde.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\wjgrlyseufwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\xnnbyolathbumltugiy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\kbcrpgeuodyslluwjmde.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\wjgrlyseufwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\xnnbyolathbumltugiy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\xnnbyolathbumltugiy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\xnnbyolathbumltugiy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\drpbwkfsjvneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\kbcrpgeuodyslluwjmde.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\drpbwkfsjvneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\xnnbyolathbumltugiy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\wjgrlyseufwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\xnnbyolathbumltugiy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\drpbwkfsjvneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\drpbwkfsjvneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\mbanjyuiangypnuufg.exe N/A
N/A N/A C:\Windows\kbcrpgeuodyslluwjmde.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
N/A N/A C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
N/A N/A C:\Windows\kbcrpgeuodyslluwjmde.exe N/A
N/A N/A C:\Windows\mbanjyuiangypnuufg.exe N/A
N/A N/A C:\Windows\wjgrlyseufwmbxca.exe N/A
N/A N/A C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\kbcrpgeuodyslluwjmde.exe N/A
N/A N/A C:\Windows\xnnbyolathbumltugiy.exe N/A
N/A N/A C:\Windows\mbanjyuiangypnuufg.exe N/A
N/A N/A C:\Windows\xnnbyolathbumltugiy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\mbanjyuiangypnuufg.exe N/A
N/A N/A C:\Windows\mbanjyuiangypnuufg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\xnnbyolathbumltugiy.exe N/A
N/A N/A C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
N/A N/A C:\Windows\mbanjyuiangypnuufg.exe N/A
N/A N/A C:\Windows\mbanjyuiangypnuufg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
N/A N/A C:\Windows\xnnbyolathbumltugiy.exe N/A
N/A N/A C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\wjgrlyseufwmbxca.exe N/A
N/A N/A C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
N/A N/A C:\Windows\wjgrlyseufwmbxca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnnbyolathbumltugiy.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe ." C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe ." C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\djzdqwjox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnnbyolathbumltugiy.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\djzdqwjox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe ." C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbprcgr = "xnnbyolathbumltugiy.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnnbyolathbumltugiy.exe ." C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "mbanjyuiangypnuufg.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "zrtjiazqlbxsmnxaoskmc.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mrgjvamq = "xnnbyolathbumltugiy.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mrgjvamq = "kbcrpgeuodyslluwjmde.exe ." C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbprcgr = "zrtjiazqlbxsmnxaoskmc.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "kbcrpgeuodyslluwjmde.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\djzdqwjox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnnbyolathbumltugiy.exe ." C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbprcgr = "mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mrgjvamq = "drpbwkfsjvneurxwg.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbprcgr = "zrtjiazqlbxsmnxaoskmc.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "wjgrlyseufwmbxca.exe ." C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbprcgr = "wjgrlyseufwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "mbanjyuiangypnuufg.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "mbanjyuiangypnuufg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mrgjvamq = "drpbwkfsjvneurxwg.exe ." C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbprcgr = "kbcrpgeuodyslluwjmde.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\djzdqwjox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe ." C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\djzdqwjox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "xnnbyolathbumltugiy.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "zrtjiazqlbxsmnxaoskmc.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "wjgrlyseufwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\djzdqwjox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe ." C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mrgjvamq = "kbcrpgeuodyslluwjmde.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "xnnbyolathbumltugiy.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mrgjvamq = "kbcrpgeuodyslluwjmde.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\djzdqwjox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnnbyolathbumltugiy.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "xnnbyolathbumltugiy.exe" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.whatismyip.ca N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\qjmddwwokbyuprcgvatwnn.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\oxqxnwmugnamxpqkpktmtjsiqcjwitlmgl.pip C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File created C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File created C:\Windows\SysWOW64\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\qjmddwwokbyuprcgvatwnn.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File opened for modification C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\qjmddwwokbyuprcgvatwnn.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File opened for modification C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File opened for modification C:\Windows\SysWOW64\qjmddwwokbyuprcgvatwnn.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File created C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\qjmddwwokbyuprcgvatwnn.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File created C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File created C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File opened for modification C:\Program Files (x86)\oxqxnwmugnamxpqkpktmtjsiqcjwitlmgl.pip C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File created C:\Program Files (x86)\oxqxnwmugnamxpqkpktmtjsiqcjwitlmgl.pip C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File opened for modification C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qjmddwwokbyuprcgvatwnn.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File opened for modification C:\Windows\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File created C:\Windows\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qjmddwwokbyuprcgvatwnn.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qjmddwwokbyuprcgvatwnn.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File created C:\Windows\oxqxnwmugnamxpqkpktmtjsiqcjwitlmgl.pip C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File opened for modification C:\Windows\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qjmddwwokbyuprcgvatwnn.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File opened for modification C:\Windows\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File opened for modification C:\Windows\oxqxnwmugnamxpqkpktmtjsiqcjwitlmgl.pip C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
File opened for modification C:\Windows\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qjmddwwokbyuprcgvatwnn.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\qjmddwwokbyuprcgvatwnn.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qjmddwwokbyuprcgvatwnn.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qjmddwwokbyuprcgvatwnn.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qjmddwwokbyuprcgvatwnn.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qjmddwwokbyuprcgvatwnn.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\mbanjyuiangypnuufg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wjgrlyseufwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnnbyolathbumltugiy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wjgrlyseufwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mbanjyuiangypnuufg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnnbyolathbumltugiy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wjgrlyseufwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnnbyolathbumltugiy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\drpbwkfsjvneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnnbyolathbumltugiy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnnbyolathbumltugiy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\drpbwkfsjvneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wjgrlyseufwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mbanjyuiangypnuufg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnnbyolathbumltugiy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wjgrlyseufwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kbcrpgeuodyslluwjmde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mbanjyuiangypnuufg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kbcrpgeuodyslluwjmde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mbanjyuiangypnuufg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\drpbwkfsjvneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\drpbwkfsjvneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\drpbwkfsjvneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\drpbwkfsjvneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wjgrlyseufwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zrtjiazqlbxsmnxaoskmc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2720 wrote to memory of 4716 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 2720 wrote to memory of 4716 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 2720 wrote to memory of 4716 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 4340 wrote to memory of 4392 N/A C:\Windows\system32\cmd.exe C:\Windows\mbanjyuiangypnuufg.exe
PID 4340 wrote to memory of 4392 N/A C:\Windows\system32\cmd.exe C:\Windows\mbanjyuiangypnuufg.exe
PID 4340 wrote to memory of 4392 N/A C:\Windows\system32\cmd.exe C:\Windows\mbanjyuiangypnuufg.exe
PID 4488 wrote to memory of 4664 N/A C:\Windows\system32\cmd.exe C:\Windows\kbcrpgeuodyslluwjmde.exe
PID 4488 wrote to memory of 4664 N/A C:\Windows\system32\cmd.exe C:\Windows\kbcrpgeuodyslluwjmde.exe
PID 4488 wrote to memory of 4664 N/A C:\Windows\system32\cmd.exe C:\Windows\kbcrpgeuodyslluwjmde.exe
PID 4664 wrote to memory of 2280 N/A C:\Windows\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 4664 wrote to memory of 2280 N/A C:\Windows\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 4664 wrote to memory of 2280 N/A C:\Windows\kbcrpgeuodyslluwjmde.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 5776 wrote to memory of 4736 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
PID 5776 wrote to memory of 4736 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
PID 5776 wrote to memory of 4736 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
PID 5020 wrote to memory of 4624 N/A C:\Windows\system32\cmd.exe C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
PID 5020 wrote to memory of 4624 N/A C:\Windows\system32\cmd.exe C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
PID 5020 wrote to memory of 4624 N/A C:\Windows\system32\cmd.exe C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
PID 4212 wrote to memory of 4660 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
PID 4212 wrote to memory of 4660 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
PID 4212 wrote to memory of 4660 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
PID 4624 wrote to memory of 1376 N/A C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 4624 wrote to memory of 1376 N/A C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 4624 wrote to memory of 1376 N/A C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 4576 wrote to memory of 5968 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
PID 4576 wrote to memory of 5968 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
PID 4576 wrote to memory of 5968 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
PID 5968 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 5968 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 5968 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 5604 wrote to memory of 2336 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 5604 wrote to memory of 2336 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 5604 wrote to memory of 2336 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 2480 wrote to memory of 2592 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
PID 2480 wrote to memory of 2592 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
PID 2480 wrote to memory of 2592 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
PID 2592 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 2592 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 2592 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 4716 wrote to memory of 5956 N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe
PID 4716 wrote to memory of 5956 N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe
PID 4716 wrote to memory of 5956 N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe
PID 4716 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe
PID 4716 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe
PID 4716 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe C:\Users\Admin\AppData\Local\Temp\knablo.exe
PID 5636 wrote to memory of 1312 N/A C:\Windows\system32\cmd.exe C:\Windows\kbcrpgeuodyslluwjmde.exe
PID 5636 wrote to memory of 1312 N/A C:\Windows\system32\cmd.exe C:\Windows\kbcrpgeuodyslluwjmde.exe
PID 5636 wrote to memory of 1312 N/A C:\Windows\system32\cmd.exe C:\Windows\kbcrpgeuodyslluwjmde.exe
PID 5556 wrote to memory of 5128 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 5556 wrote to memory of 5128 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 5556 wrote to memory of 5128 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 4800 wrote to memory of 2476 N/A C:\Windows\system32\cmd.exe C:\Windows\wjgrlyseufwmbxca.exe
PID 4800 wrote to memory of 2476 N/A C:\Windows\system32\cmd.exe C:\Windows\wjgrlyseufwmbxca.exe
PID 4800 wrote to memory of 2476 N/A C:\Windows\system32\cmd.exe C:\Windows\wjgrlyseufwmbxca.exe
PID 5664 wrote to memory of 4632 N/A C:\Windows\system32\cmd.exe C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
PID 5664 wrote to memory of 4632 N/A C:\Windows\system32\cmd.exe C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
PID 5664 wrote to memory of 4632 N/A C:\Windows\system32\cmd.exe C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
PID 2476 wrote to memory of 212 N/A C:\Windows\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
PID 2476 wrote to memory of 212 N/A C:\Windows\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
PID 2476 wrote to memory of 212 N/A C:\Windows\wjgrlyseufwmbxca.exe C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
PID 4632 wrote to memory of 1264 N/A C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 4632 wrote to memory of 1264 N/A C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 4632 wrote to memory of 1264 N/A C:\Windows\zrtjiazqlbxsmnxaoskmc.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 4032 wrote to memory of 464 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\knablo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe"

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bc2c2e6019e42289641123c2db3584dc.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\knablo.exe

"C:\Users\Admin\AppData\Local\Temp\knablo.exe" "-C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe"

C:\Users\Admin\AppData\Local\Temp\knablo.exe

"C:\Users\Admin\AppData\Local\Temp\knablo.exe" "-C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\zrtjiazqlbxsmnxaoskmc.exe

zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\xnnbyolathbumltugiy.exe

xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\mbanjyuiangypnuufg.exe

mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\wjgrlyseufwmbxca.exe

wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe

C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuplyukeqfyqhfmmx.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."

C:\Windows\jhuplyukeqfyqhfmmx.exe

jhuplyukeqfyqhfmmx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c axjdykfunymevlion.exe .

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .

C:\Windows\axjdykfunymevlion.exe

axjdykfunymevlion.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uthdaolcxkaunfemnzy.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\axjdykfunymevlion.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wxnlkazspewsnhisvjklb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Windows\uthdaolcxkaunfemnzy.exe

uthdaolcxkaunfemnzy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuplyukeqfyqhfmmx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wxnlkazspewsnhisvjklb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .

C:\Windows\wxnlkazspewsnhisvjklb.exe

wxnlkazspewsnhisvjklb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Users\Admin\AppData\Local\Temp\jhuplyukeqfyqhfmmx.exe

C:\Users\Admin\AppData\Local\Temp\jhuplyukeqfyqhfmmx.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe .

C:\Users\Admin\AppData\Local\Temp\wxnlkazspewsnhisvjklb.exe

C:\Users\Admin\AppData\Local\Temp\wxnlkazspewsnhisvjklb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wxnlkazspewsnhisvjklb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wxnlkazspewsnhisvjklb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tpatnysgyivmcrns.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wxnlkazspewsnhisvjklb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe

C:\Windows\kbcrpgeuodyslluwjmde.exe

kbcrpgeuodyslluwjmde.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe

C:\Windows\drpbwkfsjvneurxwg.exe

drpbwkfsjvneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\wxnlkazspewsnhisvjklb.exe

C:\Users\Admin\AppData\Local\Temp\wxnlkazspewsnhisvjklb.exe

C:\Users\Admin\AppData\Local\Temp\tpatnysgyivmcrns.exe

C:\Users\Admin\AppData\Local\Temp\tpatnysgyivmcrns.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.wikipedia.org udp
NL 185.15.59.224:80 www.wikipedia.org tcp
US 8.8.8.8:53 www.bbc.co.uk udp
US 151.101.192.81:80 www.bbc.co.uk tcp
LT 78.61.84.37:30728 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 zrdhslfr.net udp
US 8.8.8.8:53 ejmyepek.net udp
US 8.8.8.8:53 mmmojmywo.info udp
US 8.8.8.8:53 thpqvqbzvoof.info udp
US 8.8.8.8:53 pkjnyexhx.info udp
US 8.8.8.8:53 lfjvvfbidk.net udp
US 8.8.8.8:53 murwtxhsbvh.net udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 xanfruxcciu.info udp
US 8.8.8.8:53 ntbktaxx.net udp
US 8.8.8.8:53 jgxyziq.com udp
US 8.8.8.8:53 uotdhwxz.net udp
US 8.8.8.8:53 ywfojfbqxgb.info udp
US 8.8.8.8:53 asqswo.com udp
US 8.8.8.8:53 egoktqq.info udp
LT 78.61.84.37:30728 tcp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 qcould.net udp
US 8.8.8.8:53 mwzqlxjdhb.net udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 rsbpduxcblzv.net udp
US 8.8.8.8:53 jwttupcn.info udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 jrsfbehtpo.net udp
US 8.8.8.8:53 vujsgcxakar.net udp
US 8.8.8.8:53 ggtctypyuyl.info udp
US 8.8.8.8:53 dqhzjvpyp.info udp
US 8.8.8.8:53 xltbiubv.net udp
US 8.8.8.8:53 bkvfhemoyj.info udp
US 8.8.8.8:53 mfdjdwtghwl.info udp
US 8.8.8.8:53 sxtwlvlgg.net udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 wcgiugwy.com udp
US 8.8.8.8:53 wcrrfdxt.net udp
US 8.8.8.8:53 vvfkaqtjhn.info udp
US 8.8.8.8:53 usuejceokju.net udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 otuwdg.net udp
US 8.8.8.8:53 uogaguoiikks.com udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 lsrcnsbur.net udp
US 8.8.8.8:53 njsrbmva.net udp
US 8.8.8.8:53 kakuwkugok.org udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 nkwrugwwxdrg.net udp
US 8.8.8.8:53 icqtysjtl.info udp
US 8.8.8.8:53 lqdejiy.org udp
US 8.8.8.8:53 jxkaga.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 xgoymyhfm.info udp
US 8.8.8.8:53 qqawkwkiawuu.com udp
US 8.8.8.8:53 cmjmiwi.info udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 zdqxsm.net udp
US 8.8.8.8:53 caaqum.org udp
US 8.8.8.8:53 hgakzon.com udp
US 8.8.8.8:53 umuyiw.com udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 dbofezpshjhw.net udp
US 8.8.8.8:53 pquzxomdwg.info udp
US 8.8.8.8:53 pxtkzqbmhuv.org udp
US 8.8.8.8:53 ayiangiastp.info udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 suqgjbr.info udp
US 8.8.8.8:53 jchljevuviv.net udp
US 8.8.8.8:53 mtvihkf.info udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 yloztkleys.info udp
US 8.8.8.8:53 zkgcposmhdp.info udp
US 8.8.8.8:53 uevgzo.info udp
US 8.8.8.8:53 finenndqxcq.org udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 assrxinszp.info udp
US 8.8.8.8:53 zqjzvcj.org udp
US 8.8.8.8:53 pzddjkgjbwzj.net udp
US 8.8.8.8:53 gmrcnht.info udp
US 8.8.8.8:53 fcxihwfxs.net udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 wrzcvarsd.info udp
US 8.8.8.8:53 wgiwig.org udp
US 8.8.8.8:53 ldkqgvhspg.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 gjvihytjn.info udp
US 8.8.8.8:53 dxwbbovtasey.info udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 qniorzfk.net udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 vovmgpdp.net udp
US 8.8.8.8:53 luuutojah.com udp
US 8.8.8.8:53 ubhkijhh.info udp
US 8.8.8.8:53 ugcygcyup.info udp
US 8.8.8.8:53 npdjnvrbsv.info udp
US 8.8.8.8:53 dqfhrafr.net udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 vtwwvlumvr.info udp
US 8.8.8.8:53 spbcxx.info udp
US 8.8.8.8:53 eyancet.info udp
US 8.8.8.8:53 vwefzcpst.com udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 fcdnfwkm.net udp
US 8.8.8.8:53 scwaei.com udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 tartzsbc.info udp
US 8.8.8.8:53 zihubnef.net udp
US 8.8.8.8:53 wgvrrscywbr.net udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 wkkvzoo.info udp
US 8.8.8.8:53 ssxujsg.info udp
US 8.8.8.8:53 tgbvyyjmj.info udp
US 8.8.8.8:53 zjnyfxpeo.net udp
US 8.8.8.8:53 yamikous.com udp
US 8.8.8.8:53 kkuakgkesi.org udp
US 8.8.8.8:53 qpcgluzins.info udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 veygfiqzcgw.org udp
US 8.8.8.8:53 mngftxfriy.net udp
US 8.8.8.8:53 nnfgnetqnw.net udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 fjovyudf.info udp
US 8.8.8.8:53 osvppx.info udp
US 8.8.8.8:53 drxidcsptr.info udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 cegooqcmuqoi.org udp
US 8.8.8.8:53 veqgufloz.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 wcxyphq.net udp
US 8.8.8.8:53 jyftldjfnpch.info udp
US 8.8.8.8:53 ekwoqgamea.org udp
US 8.8.8.8:53 nimfckjs.net udp
US 8.8.8.8:53 eijndencbsp.net udp
US 8.8.8.8:53 nlvijzyb.info udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 psncnubqvkb.com udp
US 8.8.8.8:53 kesbzisjvypu.info udp
US 8.8.8.8:53 wrelccmgslwk.info udp
US 8.8.8.8:53 tljpkm.net udp
US 8.8.8.8:53 xedknojkntj.info udp
US 8.8.8.8:53 mkfjzcufhx.net udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 xexcpmhgv.net udp
US 8.8.8.8:53 nbjylepcjdin.info udp
US 8.8.8.8:53 ssagyy.com udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 fihdevfsfp.info udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 wqnolvxm.info udp
US 8.8.8.8:53 ixfllp.info udp
US 8.8.8.8:53 ayikcsgi.org udp
US 8.8.8.8:53 hdxqfuykjvj.org udp
US 8.8.8.8:53 oyyisqky.org udp
US 8.8.8.8:53 ueyoek.org udp
US 8.8.8.8:53 wirdberz.info udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 tppzbsvd.info udp
US 8.8.8.8:53 jqjkjlqchov.com udp
US 8.8.8.8:53 pgghfkx.info udp
US 8.8.8.8:53 qwwamiwgqc.com udp
US 8.8.8.8:53 aqwamiwgqc.com udp
US 8.8.8.8:53 pqrdzynsz.net udp
US 8.8.8.8:53 ycyeemamem.org udp
US 8.8.8.8:53 zkrwbiv.info udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 egxuhfgou.info udp
US 8.8.8.8:53 gowgugsyeoqm.org udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 tuvdqcuircn.com udp
US 8.8.8.8:53 cwzdwnlc.net udp
US 8.8.8.8:53 dwscvphd.net udp
US 8.8.8.8:53 sehqlunswem.net udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 bqtireh.net udp
US 8.8.8.8:53 ymycocagasua.org udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 zxlozbdl.info udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 nwjjzbvlpxvi.info udp
US 8.8.8.8:53 gzoasqkmbuv.info udp
US 8.8.8.8:53 owwkussqmqoq.org udp
US 8.8.8.8:53 gbqxzzsjkjie.net udp
US 8.8.8.8:53 qoysfytad.info udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 wyeqyowgeuam.com udp
US 8.8.8.8:53 wgbgdsxus.net udp
US 8.8.8.8:53 wcimsg.org udp
US 8.8.8.8:53 sokocqom.com udp
US 8.8.8.8:53 rlndnmt.com udp
US 8.8.8.8:53 tyuqlz.info udp
US 8.8.8.8:53 cdzfxkheckko.info udp
US 8.8.8.8:53 jcowadh.org udp
US 8.8.8.8:53 c.pki.goog udp
NL 173.194.69.94:80 c.pki.goog tcp
US 8.8.8.8:53 ghpxhyz.net udp
US 8.8.8.8:53 nhjtydmr.info udp
US 8.8.8.8:53 bwkhrzh.org udp
US 8.8.8.8:53 dyhytonij.com udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 dwbdki.info udp
US 8.8.8.8:53 bkdbit.info udp
US 8.8.8.8:53 mhnkngexjb.info udp
US 8.8.8.8:53 rwikzvtcvoxe.info udp
US 8.8.8.8:53 vsuuoui.info udp
US 8.8.8.8:53 rotpyetcn.info udp
US 8.8.8.8:53 lqnmpytum.info udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 ungwgsfmj.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 ktzksyd.info udp
US 8.8.8.8:53 nipcbhgzdsjj.net udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 henqlaxsfw.info udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 rtxcvlholljz.info udp
US 8.8.8.8:53 mwlkrce.net udp
US 8.8.8.8:53 knjkhgii.info udp
US 8.8.8.8:53 dgxwpoyuw.net udp
US 8.8.8.8:53 wtcykosbikkh.net udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 vpfufigapmg.org udp
US 8.8.8.8:53 wwnsenracwe.info udp
US 8.8.8.8:53 onobziqf.info udp
US 8.8.8.8:53 vglczytim.com udp
US 8.8.8.8:53 gifnbyxotha.net udp
US 8.8.8.8:53 ggyauwgmywsc.org udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 xzjangtahkwg.net udp
US 8.8.8.8:53 rwyxkdrufy.net udp
US 8.8.8.8:53 vnztbp.net udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 gytsgqocd.info udp
US 8.8.8.8:53 qyfarqhcyow.net udp
US 8.8.8.8:53 twhwjdbipci.org udp
US 8.8.8.8:53 qccwawkk.com udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 ooykeygqgs.com udp
US 8.8.8.8:53 qgrevs.net udp
US 8.8.8.8:53 xyxgjur.info udp
US 8.8.8.8:53 eshervb.info udp
US 8.8.8.8:53 ewsigmgogk.com udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 udjfavgm.info udp
US 8.8.8.8:53 ddhjxjxvmwle.info udp
US 8.8.8.8:53 eakququisous.com udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 jwxcxko.com udp
US 8.8.8.8:53 kqgimi.org udp
US 8.8.8.8:53 rqfinovhp.com udp
US 8.8.8.8:53 ucbspdfi.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 aupmoqhqf.net udp
US 8.8.8.8:53 iwrpjsajftbq.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 kwmgxgcab.info udp
US 8.8.8.8:53 adqmfyymxt.net udp
US 8.8.8.8:53 zkdanlmh.info udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 mxiypcrtusuh.net udp
US 8.8.8.8:53 nmgftqptt.net udp
US 8.8.8.8:53 otfgpst.net udp
US 8.8.8.8:53 qqiyee.org udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 jcvlsinw.info udp
US 8.8.8.8:53 quygei.com udp
US 8.8.8.8:53 hoyydqlojws.net udp
US 8.8.8.8:53 ncpwsx.net udp
US 8.8.8.8:53 bnvqqc.info udp
US 8.8.8.8:53 meimyc.org udp
US 8.8.8.8:53 vfesjsbaf.com udp
US 8.8.8.8:53 wfhuhibiwsp.info udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 scdfnsykn.net udp
US 8.8.8.8:53 chohaffm.info udp
US 8.8.8.8:53 utxvvtsh.net udp
US 8.8.8.8:53 diigweqon.com udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 omoxmcu.info udp
US 8.8.8.8:53 quhilgt.info udp
US 8.8.8.8:53 ejhsbibuo.net udp
US 8.8.8.8:53 fmlyjiscv.com udp
US 8.8.8.8:53 wnnkbwq.info udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 byvxdmp.net udp
US 8.8.8.8:53 pltmczynl.info udp
US 8.8.8.8:53 wszvezwmrw.info udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 gommmomssq.org udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 mgioxzkix.net udp
US 8.8.8.8:53 xbpefsh.info udp
US 8.8.8.8:53 bcduzrwgklw.net udp
US 8.8.8.8:53 bmztqcv.com udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 ywfuuym.net udp
US 8.8.8.8:53 wiglykwae.net udp
US 8.8.8.8:53 igeuwgygkg.org udp
US 8.8.8.8:53 dqvevwd.info udp
US 8.8.8.8:53 nzmlbzgk.net udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 ugiqoyya.org udp
US 8.8.8.8:53 xavlflmv.info udp
US 8.8.8.8:53 pepymsq.com udp
US 8.8.8.8:53 jvibdsjkch.net udp
US 8.8.8.8:53 zdvgakdahd.info udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 phsplyh.com udp
US 8.8.8.8:53 wcquwkmo.org udp
US 8.8.8.8:53 iwluxplgw.info udp
US 8.8.8.8:53 gcnwhexgt.info udp
US 8.8.8.8:53 jypqced.org udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 gqfcvchwv.net udp
US 8.8.8.8:53 citroy.info udp
US 8.8.8.8:53 keeoiees.com udp
US 8.8.8.8:53 ygkfbigvjq.info udp
US 8.8.8.8:53 zendty.info udp
US 8.8.8.8:53 ptujckqxhdeo.net udp
US 8.8.8.8:53 kxyuozlwmlhj.info udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 obxafewmj.info udp
US 8.8.8.8:53 zjmqhwp.info udp
US 8.8.8.8:53 wurvrdnkkij.info udp
US 8.8.8.8:53 mgkgeh.info udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 emhubirnvrl.info udp
US 8.8.8.8:53 neuclptcwr.info udp
US 8.8.8.8:53 yhhzdbrkmfic.info udp
US 8.8.8.8:53 xbhccm.info udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 uezqtablkhao.info udp
US 8.8.8.8:53 qhomuazeb.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 iotrojfwi.net udp
US 8.8.8.8:53 nllgvmc.info udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 hufruhwiab.info udp
US 8.8.8.8:53 mwkuqk.com udp
US 8.8.8.8:53 gqrtxwywf.info udp
US 8.8.8.8:53 eooekyeaoiic.org udp
US 8.8.8.8:53 sqdmlmoqdmd.info udp
US 8.8.8.8:53 qivcfzf.info udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 vmfgpri.net udp
US 8.8.8.8:53 nwkkjifwqil.info udp
US 8.8.8.8:53 twchowfkdfy.info udp
US 8.8.8.8:53 drtsxwxmj.info udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 hxzmgvrciuzn.net udp
US 8.8.8.8:53 vcmcub.net udp
US 8.8.8.8:53 fpdzcf.net udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 qmyarj.info udp
US 8.8.8.8:53 bmrkjmtyjfn.org udp
US 8.8.8.8:53 xkfcvmtcmez.info udp
US 8.8.8.8:53 voflgepciyp.net udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 mkgkmwuy.org udp
US 8.8.8.8:53 wcgguvuixvd.net udp
US 8.8.8.8:53 iecbwr.net udp
US 8.8.8.8:53 awoevws.net udp
US 8.8.8.8:53 ohnbqinh.info udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 tsiypnkcmf.info udp
US 8.8.8.8:53 dcxwjai.com udp
US 8.8.8.8:53 jjmauz.info udp
US 8.8.8.8:53 zwfigpu.net udp
US 8.8.8.8:53 tycecdhnagp.org udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 lyxzktdavfgy.info udp
US 8.8.8.8:53 lhgqgdnsqr.net udp
US 8.8.8.8:53 isbjbgao.info udp
US 8.8.8.8:53 zslarw.net udp
US 8.8.8.8:53 kwtyrov.net udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 oeqyaa.com udp
US 8.8.8.8:53 lctavcja.info udp
US 8.8.8.8:53 zkgsldl.com udp
US 8.8.8.8:53 rfwcbkj.net udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 lgmqzezefhc.info udp
US 8.8.8.8:53 mhoktmkpf.info udp
US 8.8.8.8:53 wjvnorsibr.info udp
US 8.8.8.8:53 ncrdbxr.net udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 kktgbof.net udp
US 8.8.8.8:53 awvmtqfqcgxa.info udp
US 8.8.8.8:53 aljiyzkufgo.net udp
US 8.8.8.8:53 ukrifobxhm.net udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 ksnelpckjan.info udp
US 8.8.8.8:53 qqbatsr.info udp
US 8.8.8.8:53 ccqiaocs.com udp
US 8.8.8.8:53 ewqypkiyu.info udp
US 8.8.8.8:53 agwkyw.org udp
US 8.8.8.8:53 miqeemsoua.org udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 fzxlrnnbpuhb.info udp
US 8.8.8.8:53 xhdztsfyg.com udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 exsxpkzd.net udp
US 8.8.8.8:53 uitcuruqyd.net udp
US 8.8.8.8:53 oesrwsp.info udp
US 8.8.8.8:53 gemiauau.org udp
US 8.8.8.8:53 mcgagq.com udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 nufndcbsztr.org udp
US 8.8.8.8:53 zonwziuqj.org udp
US 8.8.8.8:53 sgnnggoqacwg.info udp
US 8.8.8.8:53 ucrezc.info udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 kjssrc.info udp
US 8.8.8.8:53 mydujvzmh.net udp
US 8.8.8.8:53 xykbdyy.info udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 wdgbllvsu.net udp
US 8.8.8.8:53 rprorwnvpu.info udp
US 8.8.8.8:53 xjzrpmepzl.net udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 syfylgo.net udp
US 8.8.8.8:53 skokgk.com udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 gwxzsgouvi.info udp
US 8.8.8.8:53 fhxeuqcuk.org udp
US 8.8.8.8:53 yrfwmjuz.net udp
US 8.8.8.8:53 qgeqyc.org udp
US 8.8.8.8:53 uuzyetze.net udp
US 8.8.8.8:53 hmnwnbiyx.org udp
US 8.8.8.8:53 ycdkhpdkdyq.net udp
US 8.8.8.8:53 vkwslitadqv.org udp
US 8.8.8.8:53 akagqeoqcu.org udp
US 8.8.8.8:53 wgceuymw.org udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 gqochr.info udp
US 8.8.8.8:53 avhjmfuszlfz.net udp
US 8.8.8.8:53 hmhezvr.com udp
US 8.8.8.8:53 pypnfinkndbc.net udp
US 8.8.8.8:53 glazmclalnjq.info udp
US 8.8.8.8:53 fwzcxotpvnwx.info udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 voaqjkvfqu.net udp
US 8.8.8.8:53 ioxoncrnj.info udp
US 8.8.8.8:53 mxazdwajqr.net udp
US 8.8.8.8:53 bwadwuie.net udp
US 8.8.8.8:53 qouqkgygug.com udp
US 8.8.8.8:53 hxyypwalcqj.net udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 swwgquoc.com udp
US 8.8.8.8:53 plxyeb.net udp
US 8.8.8.8:53 ziekborfn.info udp
US 8.8.8.8:53 egwoee.com udp
US 8.8.8.8:53 ygmshyw.info udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 ygnyhd.net udp
US 8.8.8.8:53 czrlbd.info udp
US 8.8.8.8:53 byqkbud.org udp
US 8.8.8.8:53 hrjdtn.net udp
US 8.8.8.8:53 dtlvfetidah.org udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 bllgtqoiqsyu.info udp
US 8.8.8.8:53 oicuvofdmab.net udp
US 8.8.8.8:53 xixaqejgz.info udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 revuncvwh.info udp
US 8.8.8.8:53 seiwqy.org udp
US 8.8.8.8:53 wmkerqb.info udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 emouiqoeey.com udp
US 8.8.8.8:53 iglgtdahtsm.info udp
US 8.8.8.8:53 zkvcfhdod.info udp
US 8.8.8.8:53 pyznnutt.info udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 wqxopepldat.info udp
US 8.8.8.8:53 lqsyzc.net udp
US 8.8.8.8:53 sefqteznn.info udp
US 8.8.8.8:53 ewayssyimayu.com udp
US 8.8.8.8:53 sehczr.info udp
US 8.8.8.8:53 iqffdnc.info udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 pdmrucfubtmk.net udp
US 8.8.8.8:53 xljrjsp.org udp
US 8.8.8.8:53 rjnypbap.net udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 dmnyptpqhkf.net udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 gcausooi.org udp
US 8.8.8.8:53 amvytwmmpyl.net udp
US 8.8.8.8:53 qwjuearsvlz.net udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 piqvtqqzww.info udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 oqmyoq.com udp
US 8.8.8.8:53 urpidmn.net udp
US 8.8.8.8:53 mslolyhwkov.info udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 sotfpofef.net udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 oazkreq.net udp
US 8.8.8.8:53 wsfxpojsfpck.net udp
US 8.8.8.8:53 zvpmtea.org udp
US 8.8.8.8:53 lisygqyyrvi.net udp
US 8.8.8.8:53 csxxbdpz.info udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 xkngfuhsvol.info udp
US 8.8.8.8:53 vdttvwt.net udp
US 8.8.8.8:53 yylpjmp.net udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 runsxfl.net udp
US 8.8.8.8:53 mglyesvca.info udp
US 8.8.8.8:53 vxlldv.info udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 dnclmcrprd.info udp
US 8.8.8.8:53 qyomkseugego.org udp
US 8.8.8.8:53 ossmtwvkqrx.info udp
US 8.8.8.8:53 utftxtcd.info udp
US 8.8.8.8:53 suuksgjskyn.net udp
US 8.8.8.8:53 cmicra.info udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 qeoggcyamgmq.com udp
US 8.8.8.8:53 trberutyvm.net udp
US 8.8.8.8:53 yusooomu.com udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 wgsuuewiumug.com udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 xtrzdr.net udp
US 8.8.8.8:53 magccnonlt.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 iovtfshfmj.net udp
US 8.8.8.8:53 vcdcdnmsd.org udp
US 8.8.8.8:53 yttzltpbba.info udp
US 8.8.8.8:53 vcpsunocjjc.com udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 kndiabxd.net udp
US 8.8.8.8:53 ayceaeogegmc.org udp
US 8.8.8.8:53 aojkbwfstty.net udp
US 8.8.8.8:53 nnbpnyl.net udp
US 8.8.8.8:53 dvdzsgvxczea.info udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 kiejqcfznz.info udp
US 8.8.8.8:53 kbyiqznaieb.net udp
US 8.8.8.8:53 jojczdwilgd.com udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 wutgtqbah.net udp
US 8.8.8.8:53 kagkwqssik.org udp
US 8.8.8.8:53 iedvvl.info udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 tkocfonid.org udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 yrnkbwrwtsry.net udp
US 8.8.8.8:53 uihnuzvguxh.info udp
US 8.8.8.8:53 vqjcyivgbub.com udp
US 8.8.8.8:53 rzojhevplo.net udp
US 8.8.8.8:53 oexbdowotgp.net udp
US 8.8.8.8:53 njckzucv.net udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 iifqtif.net udp
US 8.8.8.8:53 cusysu.org udp
US 8.8.8.8:53 yssguy.org udp
US 8.8.8.8:53 ddkrkh.info udp
US 8.8.8.8:53 oqxlwam.info udp
US 8.8.8.8:53 pszdvwo.info udp
US 8.8.8.8:53 hsgammbenkn.org udp
US 8.8.8.8:53 uuogdcue.net udp
US 8.8.8.8:53 mqptieyjq.net udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 thwwmxr.org udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 mmuqiw.com udp
US 8.8.8.8:53 yaywys.com udp
US 8.8.8.8:53 vplnjbndgb.info udp
US 8.8.8.8:53 eeguelsy.info udp
US 8.8.8.8:53 enweyw.net udp
US 8.8.8.8:53 xazvakduuuo.info udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 ioracfvcgku.info udp
US 8.8.8.8:53 vyjyzy.info udp
US 8.8.8.8:53 okoqkqqkqqog.com udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 fzfgsgvn.net udp
US 8.8.8.8:53 zkmopuvab.net udp
US 8.8.8.8:53 stlgjcryu.net udp
US 8.8.8.8:53 okrezoibls.info udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 ukymhih.info udp
US 8.8.8.8:53 giwnsrhzikp.net udp
US 8.8.8.8:53 ngqrxu.info udp
US 8.8.8.8:53 mwwykcj.net udp
US 8.8.8.8:53 byjllzwmuylz.net udp
US 8.8.8.8:53 fbjwwqb.net udp
US 8.8.8.8:53 uriwfyn.net udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 kspwoad.net udp
US 8.8.8.8:53 zygonpqh.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 wpzyftbi.net udp
US 8.8.8.8:53 qkksoq.org udp
US 8.8.8.8:53 jhuheh.info udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 vmbsqsfsfafj.info udp
US 8.8.8.8:53 oexedeznfax.net udp
US 8.8.8.8:53 uxykswd.net udp
US 8.8.8.8:53 efqgewfovdtb.net udp
US 8.8.8.8:53 scqotodadiu.info udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 rbpcvkpnr.info udp
US 8.8.8.8:53 nwumnjov.net udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 woyznzwolkxd.info udp
US 8.8.8.8:53 soewsekawuem.com udp
US 8.8.8.8:53 xghgdttie.info udp
US 8.8.8.8:53 agaeocwk.com udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 gcjfmzxdrxnl.info udp
US 8.8.8.8:53 qteaexegpu.info udp
US 8.8.8.8:53 dwbqrycnj.com udp
US 8.8.8.8:53 udicwpp.net udp
US 8.8.8.8:53 wkiqqeouum.org udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 vmzcbrpqmnu.org udp
US 8.8.8.8:53 jljyxlkgjmxh.info udp
US 8.8.8.8:53 lsrpzqgehxb.com udp
US 8.8.8.8:53 hrgyviddjz.net udp
US 8.8.8.8:53 wmmcgqqioegs.org udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 fvdzfumeu.org udp
US 8.8.8.8:53 jtrgetcs.net udp
US 8.8.8.8:53 kcoyiscu.com udp
US 8.8.8.8:53 ahlgod.info udp
US 8.8.8.8:53 tgaqehrvhy.info udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 xygrzadrxw.net udp
US 8.8.8.8:53 guuyxfv.net udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 bzckluzaxh.net udp
US 8.8.8.8:53 omyxmuxanifs.info udp
US 8.8.8.8:53 vfoqlmoi.net udp
US 8.8.8.8:53 ayiaae.com udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 livumqzonrt.net udp
US 8.8.8.8:53 docsbqblcm.info udp
US 8.8.8.8:53 wkyaiyaq.com udp
US 8.8.8.8:53 lgyszoz.net udp
US 8.8.8.8:53 phtdqqiqcn.net udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 iwanidcgd.net udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 quziuqq.net udp
US 8.8.8.8:53 uotdtmhsujq.net udp
US 8.8.8.8:53 burszymam.info udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 xzorndrepw.info udp
US 8.8.8.8:53 ekkkam.org udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 qusklqf.net udp
US 8.8.8.8:53 couewqgwmqoi.com udp
US 8.8.8.8:53 enahnnfd.info udp
US 8.8.8.8:53 jzxeukc.info udp
US 8.8.8.8:53 lippduto.info udp
US 8.8.8.8:53 rwmwxyv.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 ayqqyucq.org udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 sihmfmo.net udp
US 8.8.8.8:53 pdlwqsf.com udp
US 8.8.8.8:53 cwjwvtdzsc.net udp
US 8.8.8.8:53 quymioom.org udp
US 8.8.8.8:53 vszyrsr.info udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 nvmnlg.net udp
US 8.8.8.8:53 kjvvoizpwutk.info udp
US 8.8.8.8:53 qsaygg.com udp
US 8.8.8.8:53 faudsjaz.net udp
US 8.8.8.8:53 jafjrrtwb.info udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 jrzfyflondu.com udp
US 8.8.8.8:53 smmkbeyiij.net udp
US 8.8.8.8:53 snhzhakufssh.info udp
US 8.8.8.8:53 jzvfhb.net udp
US 8.8.8.8:53 yvtrpyt.info udp
US 8.8.8.8:53 gwcxvqtytk.info udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 ciosomymsaam.org udp
US 8.8.8.8:53 islofirjz.net udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 nlzqfql.com udp
US 8.8.8.8:53 lafovgv.info udp
US 8.8.8.8:53 fwvhrqdkx.net udp
US 8.8.8.8:53 qwcecuawd.net udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 iuioekiyqm.org udp
US 8.8.8.8:53 vsxusclwir.net udp
US 8.8.8.8:53 syzioqlrx.info udp
US 8.8.8.8:53 pgophcaynzf.org udp
US 8.8.8.8:53 oyibjb.net udp
US 8.8.8.8:53 rayvcqwozmvj.info udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 bnkglyrmquz.com udp
US 8.8.8.8:53 xyibnqc.org udp
US 8.8.8.8:53 ewigsgkuycqo.org udp
US 8.8.8.8:53 bpdetxnsbszp.info udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 ooogqmia.org udp
US 8.8.8.8:53 pvqpflfb.net udp
US 8.8.8.8:53 sqecwgqm.org udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 odnwtcbyjwp.info udp
US 8.8.8.8:53 yacgigoemqcy.org udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 zidosj.net udp
US 8.8.8.8:53 vlvtck.info udp
US 8.8.8.8:53 mgcgoaswyy.org udp
US 8.8.8.8:53 mbgpufdgur.net udp
US 8.8.8.8:53 ltkbeyinwv.net udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 okasgwmsce.org udp
US 8.8.8.8:53 wqsqgu.org udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 apqaidfwpfzp.info udp
US 8.8.8.8:53 ndkgdeccv.org udp
US 8.8.8.8:53 iapkroxwkqh.net udp
US 8.8.8.8:53 cysgysgysg.org udp
US 8.8.8.8:53 wxwmiblxta.info udp
US 8.8.8.8:53 rrkialecisvj.info udp
US 8.8.8.8:53 eoxabffqacd.info udp

Files

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

MD5 88a3d7432ff5d5cee011047d7a3acb16
SHA1 9c5b95142911b292dc75e120545949a1dca72d12
SHA256 fa10ed2990ca760fb82fc16facf3d805f1a12ee3a8e5a723844cc1a0e3b88fcb
SHA512 3d0ff8fe2113ddb3f94bb4f041d7005e11681e4c912ce55f486722adef62df1bd36332fb489a2d61632980ba1f5a60dd8ef71697b21f199611b6010da3ca2147

C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe

MD5 bc2c2e6019e42289641123c2db3584dc
SHA1 e7b2c809bf63f0a3a362b2b5e4930a5a1b5c7d9b
SHA256 9223f4748f528658ba3ac30515cf3ac1817677baaf345441d021e98ebd8891af
SHA512 f31491a41da42f042c41060fa394c5fe36afcb9edb1507d1119936c9f26c79b5a90945393d532b817f1b8007989800e1b823766673f3704154b32cb4ae99af6b

C:\Users\Admin\AppData\Local\Temp\knablo.exe

MD5 03d71d9923f836cfc10cfd03be8075f5
SHA1 20d6bf258bb94df36260023a2d1bf49953e7e0b4
SHA256 2b5bb2307024011817d2108b206656b9ce68c456986a2d3ee1c295b65c82db08
SHA512 d551cbd021acb3eb7e04cf0accbad79d1f90d1e7cc17ece456fd6825adda3851293232289e124d938001e5c4b486f5c472f66d1f271afd9acf792aeac087ae6e

C:\Users\Admin\AppData\Local\bzhdiglijfhiipfoisqyuzx.zaw

MD5 ae747c098f486e30205600a7f7886e0d
SHA1 4cb67e27f69ced2b97240d8464f96a3dd0e70ea4
SHA256 d9db6a8d1ad22ec4ae9044c45a73ad5488cf42bd25725718892f1995c20dd96c
SHA512 d48ad2017d3a065c8edd1e98e1166e5e5b37c0f51ad9a96d738edd2bc92009aa09197f0eadc8055fe56f2b7df28fc628547a2859d6211df8473a6f918906b559

C:\Users\Admin\AppData\Local\oxqxnwmugnamxpqkpktmtjsiqcjwitlmgl.pip

MD5 71a442dbd3c2e6ccb4dc9f76903a30df
SHA1 d9110671f176f6f59db2f6d2a6c96a857a9a040d
SHA256 b039b6e4be834465e8a7e1a8e89a3c36b58b2fca36f042ad06a62f28cac775f6
SHA512 8e694d411b41623b8f6e12ca1ef875239a796c6e111eb9f0208e6b03521b5b7811f3723808878a703cbf8afba413761b05b78d1493b7fc8ca57247a8f6c4a99a

C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw

MD5 bdc42c30c77e6ed4948043c539f9ef43
SHA1 3e357656b7edf04bc2afa73a8d6337ee2db3e191
SHA256 308073b5eca8f49866b535426e085feacc1e9c642a639567632d23aa719e77b5
SHA512 3195b332ee92f91a5f363720b7b505a25b1f76b692fc2314e9af3576c70e6dd95b8c2f568e60110406bea705c68e59aa407052b1c814f23f9ff4b39b49c0e5f3

C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw

MD5 1e3c1ea6cc107016b2fd9af43313cc67
SHA1 d94b3087efc4356138914a56142cf5564fdf338e
SHA256 5435ce3e88b8426f22cc86fb00846649d894bb8ab7071519b6ffdaa627d1a014
SHA512 55c2da45df8940aa313f4783e4fdbec0ce6c94ba288b6fbffd4977b95769fa79038029ee831585842ea6d1345a61666d785725701d83947b83d4cb2551fe599c

C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw

MD5 5d3c43fc2a24442d4c5baf7c73e2a2cf
SHA1 b1bdd21417a94048c87b81284fc81b61a597ddb3
SHA256 309b978137b147de35517ac75536a74500cdaf93a3b6fb798b709474760d5556
SHA512 3d80fe9cb4f60ccf3b0779852c795fa310b1887f7887aa599847f1f5ca3f22375790c0d4ffa469fb37a5dbec97fec2f3ac8abebcb2fd21aa420b3eadce693e13

C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw

MD5 00b8f845024cd2feb0ffdd9108ae05b9
SHA1 1046e79173ba51887474ac1addb20e25562c5660
SHA256 6c0a673146d96a143a140064f9ecf08d75b8295f3efdda9a65581918e7638df4
SHA512 2a6b521508c14987823a8c1a43b60f1384bd338a58235de1602acb23ede4fb54c0e05008bc7736bd740fdaa1989c63518a5242eb5dc6dd53f3b1c9074adb48f4

C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw

MD5 ec44eaf95d0f8db1e41fa67bcffb7b26
SHA1 40d129f160d1268cb4651ad0c03cec048b805895
SHA256 53af6610eb266b7605342ead87ba39e3af29156121effccbadcc9c276c93a2a2
SHA512 6ea98ec1602a1b912862067bb68c39c7672ca7afdab461dfb10a3cea6b6788a98cadd430d12ae4a2e33a88cdfb358a9d4ba7f9be218a2fe6533f6ed142fe9cf0

C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw

MD5 dd0580b4ffb750aa059d10910c2383f7
SHA1 3c091fb5428e24ed0bc24be8e74a5d5f53c3022a
SHA256 a4de47b4d0c204ea52bc1673357a27559566f09fbbda2de6bfc59bd2b54e1c20
SHA512 316ba05d034a68d79f12e4e3af35836f4e6f77d3f8adfa7a443778699de92d1a1d3557ce9b53ea4dd12a9eacd4e9ce11c61615dd0f7b0a7006ff02882c3a76e4

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-18 02:23

Reported

2025-04-18 02:26

Platform

win11-20250410-en

Max time kernel

54s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ysgexkhwukolgjpjnic.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "awmmhwvmmekjgltpvsoka.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lgvuocaqpgljfjqlqmhc.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lgvuocaqpgljfjqlqmhc.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "lgvuocaqpgljfjqlqmhc.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "awmmhwvmmekjgltpvsoka.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ysgexkhwukolgjpjnic.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "awmmhwvmmekjgltpvsoka.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lgvuocaqpgljfjqlqmhc.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "awmmhwvmmekjgltpvsoka.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "awmmhwvmmekjgltpvsoka.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\ysgexkhwukolgjpjnic.exe N/A
N/A N/A C:\Windows\ewievgbokyavoptln.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\ngtqiuqebqtpjlqjmg.exe N/A
N/A N/A C:\Windows\ysgexkhwukolgjpjnic.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
N/A N/A C:\Windows\ewievgbokyavoptln.exe N/A
N/A N/A C:\Windows\lgvuocaqpgljfjqlqmhc.exe N/A
N/A N/A C:\Windows\lgvuocaqpgljfjqlqmhc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\ngtqiuqebqtpjlqjmg.exe N/A
N/A N/A C:\Windows\awmmhwvmmekjgltpvsoka.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\ngtqiuqebqtpjlqjmg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\ngtqiuqebqtpjlqjmg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe N/A
N/A N/A C:\Windows\ysgexkhwukolgjpjnic.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\awmmhwvmmekjgltpvsoka.exe N/A
N/A N/A C:\Windows\ysgexkhwukolgjpjnic.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\xozukuoavijdvvyp.exe N/A
N/A N/A C:\Windows\awmmhwvmmekjgltpvsoka.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\ysgexkhwukolgjpjnic.exe N/A
N/A N/A C:\Windows\lgvuocaqpgljfjqlqmhc.exe N/A
N/A N/A C:\Windows\awmmhwvmmekjgltpvsoka.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\xozukuoavijdvvyp.exe N/A
N/A N/A C:\Windows\xozukuoavijdvvyp.exe N/A
N/A N/A C:\Windows\ewievgbokyavoptln.exe N/A
N/A N/A C:\Windows\xozukuoavijdvvyp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\awmmhwvmmekjgltpvsoka.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe ." C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sismbkdoiuunedf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "lgvuocaqpgljfjqlqmhc.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "xozukuoavijdvvyp.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sismbkdoiuunedf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "awmmhwvmmekjgltpvsoka.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "ewievgbokyavoptln.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "awmmhwvmmekjgltpvsoka.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "ysgexkhwukolgjpjnic.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "ngtqiuqebqtpjlqjmg.exe ." C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe ." C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "awmmhwvmmekjgltpvsoka.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sismbkdoiuunedf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "awmmhwvmmekjgltpvsoka.exe ." C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "ewievgbokyavoptln.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "xozukuoavijdvvyp.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "ysgexkhwukolgjpjnic.exe ." C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "lgvuocaqpgljfjqlqmhc.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "ysgexkhwukolgjpjnic.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "ysgexkhwukolgjpjnic.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sismbkdoiuunedf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "ysgexkhwukolgjpjnic.exe" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "ewievgbokyavoptln.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "ewievgbokyavoptln.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "lgvuocaqpgljfjqlqmhc.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "ewievgbokyavoptln.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "ysgexkhwukolgjpjnic.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "xozukuoavijdvvyp.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sismbkdoiuunedf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngtqiuqebqtpjlqjmg.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "ysgexkhwukolgjpjnic.exe ." C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sismbkdoiuunedf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lgvuocaqpgljfjqlqmhc.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "awmmhwvmmekjgltpvsoka.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "ngtqiuqebqtpjlqjmg.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "xozukuoavijdvvyp.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sismbkdoiuunedf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngtqiuqebqtpjlqjmg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "xozukuoavijdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\ngtqiuqebqtpjlqjmg.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\rofgcssklelljpyvcaxulm.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\ngtqiuqebqtpjlqjmg.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
File created C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ngtqiuqebqtpjlqjmg.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
File created C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
File opened for modification C:\Windows\SysWOW64\rofgcssklelljpyvcaxulm.exe C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
File opened for modification C:\Windows\SysWOW64\rofgcssklelljpyvcaxulm.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
File opened for modification C:\Windows\SysWOW64\ngtqiuqebqtpjlqjmg.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\rofgcssklelljpyvcaxulm.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\ngtqiuqebqtpjlqjmg.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\rofgcssklelljpyvcaxulm.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ngtqiuqebqtpjlqjmg.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\rofgcssklelljpyvcaxulm.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
File created C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\rofgcssklelljpyvcaxulm.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\pengucuexihzpnodcshwfymumwpazrhfgvuk.oxq C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
File opened for modification C:\Windows\SysWOW64\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
File opened for modification C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
File created C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
File opened for modification C:\Program Files (x86)\pengucuexihzpnodcshwfymumwpazrhfgvuk.oxq C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
File created C:\Program Files (x86)\pengucuexihzpnodcshwfymumwpazrhfgvuk.oxq C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\rofgcssklelljpyvcaxulm.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ngtqiuqebqtpjlqjmg.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\ngtqiuqebqtpjlqjmg.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\rofgcssklelljpyvcaxulm.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\komuxubaiiwdivlpdimqowzwd.kky C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
File opened for modification C:\Windows\rofgcssklelljpyvcaxulm.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ngtqiuqebqtpjlqjmg.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\rofgcssklelljpyvcaxulm.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\rofgcssklelljpyvcaxulm.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\rofgcssklelljpyvcaxulm.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
File opened for modification C:\Windows\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
File opened for modification C:\Windows\xozukuoavijdvvyp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ngtqiuqebqtpjlqjmg.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ngtqiuqebqtpjlqjmg.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\rofgcssklelljpyvcaxulm.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\rofgcssklelljpyvcaxulm.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\awmmhwvmmekjgltpvsoka.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ngtqiuqebqtpjlqjmg.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xozukuoavijdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xozukuoavijdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\awmmhwvmmekjgltpvsoka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ysgexkhwukolgjpjnic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ngtqiuqebqtpjlqjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ngtqiuqebqtpjlqjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ewievgbokyavoptln.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ysgexkhwukolgjpjnic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ngtqiuqebqtpjlqjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ysgexkhwukolgjpjnic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ysgexkhwukolgjpjnic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lgvuocaqpgljfjqlqmhc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lgvuocaqpgljfjqlqmhc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\awmmhwvmmekjgltpvsoka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ysgexkhwukolgjpjnic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xozukuoavijdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lgvuocaqpgljfjqlqmhc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xozukuoavijdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xozukuoavijdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xozukuoavijdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\awmmhwvmmekjgltpvsoka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\awmmhwvmmekjgltpvsoka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lgvuocaqpgljfjqlqmhc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\awmmhwvmmekjgltpvsoka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ewievgbokyavoptln.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xozukuoavijdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2980 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 2980 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 2980 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 1528 wrote to memory of 4952 N/A C:\Windows\system32\cmd.exe C:\Windows\ysgexkhwukolgjpjnic.exe
PID 1528 wrote to memory of 4952 N/A C:\Windows\system32\cmd.exe C:\Windows\ysgexkhwukolgjpjnic.exe
PID 1528 wrote to memory of 4952 N/A C:\Windows\system32\cmd.exe C:\Windows\ysgexkhwukolgjpjnic.exe
PID 3268 wrote to memory of 5064 N/A C:\Windows\system32\cmd.exe C:\Windows\ewievgbokyavoptln.exe
PID 3268 wrote to memory of 5064 N/A C:\Windows\system32\cmd.exe C:\Windows\ewievgbokyavoptln.exe
PID 3268 wrote to memory of 5064 N/A C:\Windows\system32\cmd.exe C:\Windows\ewievgbokyavoptln.exe
PID 5064 wrote to memory of 2480 N/A C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 5064 wrote to memory of 2480 N/A C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 5064 wrote to memory of 2480 N/A C:\Windows\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 4904 wrote to memory of 5524 N/A C:\Windows\system32\cmd.exe C:\Windows\ngtqiuqebqtpjlqjmg.exe
PID 4904 wrote to memory of 5524 N/A C:\Windows\system32\cmd.exe C:\Windows\ngtqiuqebqtpjlqjmg.exe
PID 4904 wrote to memory of 5524 N/A C:\Windows\system32\cmd.exe C:\Windows\ngtqiuqebqtpjlqjmg.exe
PID 4556 wrote to memory of 3200 N/A C:\Windows\system32\cmd.exe C:\Windows\ysgexkhwukolgjpjnic.exe
PID 4556 wrote to memory of 3200 N/A C:\Windows\system32\cmd.exe C:\Windows\ysgexkhwukolgjpjnic.exe
PID 4556 wrote to memory of 3200 N/A C:\Windows\system32\cmd.exe C:\Windows\ysgexkhwukolgjpjnic.exe
PID 4040 wrote to memory of 1076 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
PID 4040 wrote to memory of 1076 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
PID 4040 wrote to memory of 1076 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
PID 3200 wrote to memory of 540 N/A C:\Windows\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 3200 wrote to memory of 540 N/A C:\Windows\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 3200 wrote to memory of 540 N/A C:\Windows\ysgexkhwukolgjpjnic.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 4816 wrote to memory of 4804 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
PID 4816 wrote to memory of 4804 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
PID 4816 wrote to memory of 4804 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
PID 4804 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 4804 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 4804 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 6076 wrote to memory of 5420 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
PID 6076 wrote to memory of 5420 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
PID 6076 wrote to memory of 5420 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
PID 5152 wrote to memory of 1564 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
PID 5152 wrote to memory of 1564 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
PID 5152 wrote to memory of 1564 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
PID 1564 wrote to memory of 5396 N/A C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 1564 wrote to memory of 5396 N/A C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 1564 wrote to memory of 5396 N/A C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 2132 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe C:\Users\Admin\AppData\Local\Temp\lstekk.exe
PID 2132 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe C:\Users\Admin\AppData\Local\Temp\lstekk.exe
PID 2132 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe C:\Users\Admin\AppData\Local\Temp\lstekk.exe
PID 2132 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe C:\Users\Admin\AppData\Local\Temp\lstekk.exe
PID 2132 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe C:\Users\Admin\AppData\Local\Temp\lstekk.exe
PID 2132 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe C:\Users\Admin\AppData\Local\Temp\lstekk.exe
PID 3040 wrote to memory of 1240 N/A C:\Windows\system32\cmd.exe C:\Windows\ewievgbokyavoptln.exe
PID 3040 wrote to memory of 1240 N/A C:\Windows\system32\cmd.exe C:\Windows\ewievgbokyavoptln.exe
PID 3040 wrote to memory of 1240 N/A C:\Windows\system32\cmd.exe C:\Windows\ewievgbokyavoptln.exe
PID 5940 wrote to memory of 4484 N/A C:\Windows\system32\cmd.exe C:\Windows\lgvuocaqpgljfjqlqmhc.exe
PID 5940 wrote to memory of 4484 N/A C:\Windows\system32\cmd.exe C:\Windows\lgvuocaqpgljfjqlqmhc.exe
PID 5940 wrote to memory of 4484 N/A C:\Windows\system32\cmd.exe C:\Windows\lgvuocaqpgljfjqlqmhc.exe
PID 1112 wrote to memory of 4644 N/A C:\Windows\system32\cmd.exe C:\Windows\lgvuocaqpgljfjqlqmhc.exe
PID 1112 wrote to memory of 4644 N/A C:\Windows\system32\cmd.exe C:\Windows\lgvuocaqpgljfjqlqmhc.exe
PID 1112 wrote to memory of 4644 N/A C:\Windows\system32\cmd.exe C:\Windows\lgvuocaqpgljfjqlqmhc.exe
PID 4644 wrote to memory of 1348 N/A C:\Windows\lgvuocaqpgljfjqlqmhc.exe C:\Windows\System32\Conhost.exe
PID 4644 wrote to memory of 1348 N/A C:\Windows\lgvuocaqpgljfjqlqmhc.exe C:\Windows\System32\Conhost.exe
PID 4644 wrote to memory of 1348 N/A C:\Windows\lgvuocaqpgljfjqlqmhc.exe C:\Windows\System32\Conhost.exe
PID 1620 wrote to memory of 2068 N/A C:\Windows\system32\cmd.exe C:\Windows\ngtqiuqebqtpjlqjmg.exe
PID 1620 wrote to memory of 2068 N/A C:\Windows\system32\cmd.exe C:\Windows\ngtqiuqebqtpjlqjmg.exe
PID 1620 wrote to memory of 2068 N/A C:\Windows\system32\cmd.exe C:\Windows\ngtqiuqebqtpjlqjmg.exe
PID 3728 wrote to memory of 2024 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3728 wrote to memory of 2024 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3728 wrote to memory of 2024 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2068 wrote to memory of 3100 N/A C:\Windows\ngtqiuqebqtpjlqjmg.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\lstekk.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe"

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bc2c2e6019e42289641123c2db3584dc.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."

C:\Users\Admin\AppData\Local\Temp\lstekk.exe

"C:\Users\Admin\AppData\Local\Temp\lstekk.exe" "-C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe"

C:\Users\Admin\AppData\Local\Temp\lstekk.exe

"C:\Users\Admin\AppData\Local\Temp\lstekk.exe" "-C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Windows\lgvuocaqpgljfjqlqmhc.exe

lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe

C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe

C:\Windows\ewievgbokyavoptln.exe

ewievgbokyavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\ngtqiuqebqtpjlqjmg.exe

ngtqiuqebqtpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe

C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hhbtihxynfljfjqlqmdd.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\hhbtihxynfljfjqlqmdd.exe

hhbtihxynfljfjqlqmdd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c utmdrpeesjolgjpjniy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\utmdrpeesjolgjpjniy.exe

utmdrpeesjolgjpjniy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhzpcznmzptpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\utmdrpeesjolgjpjniy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe

C:\Windows\jhzpcznmzptpjlqjmg.exe

jhzpcznmzptpjlqjmg.exe

C:\Windows\ysgexkhwukolgjpjnic.exe

ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wxslbbsukdkjgltpvsklg.exe .

C:\Windows\wxslbbsukdkjgltpvsklg.exe

wxslbbsukdkjgltpvsklg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\utmdrpeesjolgjpjniy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\utmdrpeesjolgjpjniy.exe

C:\Users\Admin\AppData\Local\Temp\utmdrpeesjolgjpjniy.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\wxslbbsukdkjgltpvsklg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhzpcznmzptpjlqjmg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\jhzpcznmzptpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\jhzpcznmzptpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\jhzpcznmzptpjlqjmg.exe*."

C:\Windows\xozukuoavijdvvyp.exe

xozukuoavijdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe

C:\Windows\awmmhwvmmekjgltpvsoka.exe

awmmhwvmmekjgltpvsoka.exe .

C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe

C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe

C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe

C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe .

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe

C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\wxslbbsukdkjgltpvsklg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe"

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
NL 142.250.153.93:80 www.youtube.com tcp
LT 78.61.84.37:30728 tcp
DE 85.214.228.140:80 gyuuym.org tcp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 xbphsalajvww.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
LT 78.61.84.37:30728 tcp
US 8.8.8.8:53 syhynijipma.info udp
US 8.8.8.8:53 dvfkvhmu.net udp
US 8.8.8.8:53 fgdqnmbcd.info udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 okrilkjkoes.info udp
US 8.8.8.8:53 xtofap.info udp
US 8.8.8.8:53 mzerlrfgle.info udp
US 8.8.8.8:53 vqrkjozybof.net udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 unxyhnhfacdb.info udp
US 8.8.8.8:53 gihpskmkngt.net udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 owcgkkmsoi.org udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 rtfavyy.org udp
US 8.8.8.8:53 cskgkegcqyga.org udp
US 8.8.8.8:53 xsdxyqd.com udp
US 8.8.8.8:53 jhvkrt.info udp
US 8.8.8.8:53 dybwrkb.info udp
US 8.8.8.8:53 jpwuwbem.info udp
US 8.8.8.8:53 xyxgjur.info udp
US 8.8.8.8:53 ixfavmme.info udp
US 8.8.8.8:53 tghclnarytma.info udp
US 8.8.8.8:53 ublzoyngp.net udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 rnhvhfzmlcg.org udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 hcdmrpdgqut.org udp
US 8.8.8.8:53 ronmvebyigb.com udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 pjelgigr.net udp
US 8.8.8.8:53 uxrqiwtcm.info udp
US 8.8.8.8:53 biqofmc.info udp
US 8.8.8.8:53 ehwokz.info udp
US 8.8.8.8:53 tsvfxx.net udp
US 8.8.8.8:53 lopwdmsal.net udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 qarsjiqwl.net udp
US 8.8.8.8:53 abzrrfn.net udp
US 8.8.8.8:53 eadopseruoy.info udp
US 8.8.8.8:53 jfludhaebi.net udp
US 8.8.8.8:53 hkxwtqh.org udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 jwnqhrhupyg.net udp
US 8.8.8.8:53 zekxugtb.net udp
US 8.8.8.8:53 okrezoibls.info udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 kowugiqukueq.org udp
US 8.8.8.8:53 misqhodbt.info udp
US 8.8.8.8:53 jgbkhchc.info udp
US 8.8.8.8:53 zohwdul.org udp
US 8.8.8.8:53 pmytnthafaeg.info udp
US 8.8.8.8:53 lpfhjzqc.info udp
US 8.8.8.8:53 gwtrxn.net udp
US 8.8.8.8:53 eiigwq.org udp
US 8.8.8.8:53 mifajqicbnfb.net udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 cwqoag.com udp
US 8.8.8.8:53 opkaxosltcd.net udp
US 8.8.8.8:53 bcnzdi.info udp
US 8.8.8.8:53 yaxgrkdcf.net udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 oqkgggsqooac.org udp
US 8.8.8.8:53 hsfoamscdag.com udp
US 8.8.8.8:53 fkgidsdepmn.com udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 gaomsygwas.com udp
US 8.8.8.8:53 ravivgz.net udp
US 8.8.8.8:53 iowglhtdvuf.info udp
US 8.8.8.8:53 rcjsrxxym.org udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 kmcudehty.net udp
US 8.8.8.8:53 rqtnbagptr.info udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 zkvwhchn.net udp
US 8.8.8.8:53 dsinaazt.net udp
US 8.8.8.8:53 wgkgwyv.info udp
US 8.8.8.8:53 npfcysr.com udp
US 8.8.8.8:53 izdallnnr.net udp
US 8.8.8.8:53 lvnxngt.org udp
US 8.8.8.8:53 eudgrbr.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 hsbbvij.net udp
US 8.8.8.8:53 cseafebdz.net udp
US 8.8.8.8:53 dbjwxvpudjaq.net udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 ncygjob.org udp
US 8.8.8.8:53 ihdttuysvtsf.info udp
US 8.8.8.8:53 fflynxkodvrx.net udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 rgnxfmvgd.info udp
US 8.8.8.8:53 ywouucio.org udp
US 8.8.8.8:53 wgsuma.com udp
US 8.8.8.8:53 gnemeibvkmga.net udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 ccbvmtlov.net udp
US 8.8.8.8:53 xmnfnshmlik.info udp
US 8.8.8.8:53 rrswfdrbpvts.info udp
US 8.8.8.8:53 hqrdwt.info udp
US 8.8.8.8:53 iiucmioi.org udp
US 8.8.8.8:53 bklljpa.info udp
US 8.8.8.8:53 zatkpghdjbby.info udp
US 8.8.8.8:53 jathakk.com udp
US 8.8.8.8:53 rorxuz.net udp
US 8.8.8.8:53 aitqbvc.info udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 hhqgdzboa.net udp
US 8.8.8.8:53 pzdwoonvvfbp.net udp
US 8.8.8.8:53 hvskrgp.com udp
US 8.8.8.8:53 sirybi.info udp
US 8.8.8.8:53 gjxescawxqw.info udp
US 8.8.8.8:53 eoswowoy.org udp
US 8.8.8.8:53 ieeosqw.info udp
US 8.8.8.8:53 tglfwp.info udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 jnxaaglmxvtt.info udp
US 8.8.8.8:53 qsdskgrthg.net udp
US 8.8.8.8:53 xpnehaneq.net udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 dprtdswpa.info udp
US 8.8.8.8:53 ciqbltpbwjps.net udp
US 8.8.8.8:53 lczwbwl.com udp
US 8.8.8.8:53 euwqme.com udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 qkuikw.com udp
US 8.8.8.8:53 dmdelltgyx.info udp
US 8.8.8.8:53 rfrzsqxkupvo.net udp
US 8.8.8.8:53 lehwccq.info udp
US 8.8.8.8:53 iuaosass.com udp
US 8.8.8.8:53 ssdkrnsww.net udp
US 8.8.8.8:53 ugugugwkqi.com udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 xvmuvilgbpw.com udp
US 8.8.8.8:53 faudsjaz.net udp
US 8.8.8.8:53 yborpcroi.net udp
US 8.8.8.8:53 aekomskw.org udp
US 8.8.8.8:53 edfsxaz.net udp
US 8.8.8.8:53 rsvmxqx.com udp
US 8.8.8.8:53 vgpnmmdod.info udp
US 8.8.8.8:53 xdqwmlzsky.info udp
US 8.8.8.8:53 pvpkrop.net udp
US 8.8.8.8:53 vdqopwmj.info udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 xxribuywl.com udp
US 8.8.8.8:53 igvdmezqf.info udp
US 8.8.8.8:53 boxftnzj.info udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 rrvnbr.info udp
US 8.8.8.8:53 tkhkmpykrv.info udp
US 8.8.8.8:53 pubqxfzpobxa.net udp
US 8.8.8.8:53 uhfpakwhg.net udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 iuioekiyqm.org udp
US 8.8.8.8:53 hwmgxumed.com udp
US 8.8.8.8:53 jkmgksvtsaso.info udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 bnkglyrmquz.com udp
US 8.8.8.8:53 gsymkgcq.org udp
US 8.8.8.8:53 tvjamwoum.org udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 kocojtdghroj.info udp
US 8.8.8.8:53 kmcowrcbqsv.net udp
US 8.8.8.8:53 acsutsiglwp.net udp
US 8.8.8.8:53 jscepnswt.info udp
US 8.8.8.8:53 sesiww.org udp
US 8.8.8.8:53 pvqpflfb.net udp
US 8.8.8.8:53 jkdjdsukt.net udp
US 8.8.8.8:53 xwpgpqdflo.info udp
US 8.8.8.8:53 yacgigoemqcy.org udp
US 8.8.8.8:53 vbdkvycpez.net udp
US 8.8.8.8:53 ozpbbxyihssf.info udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 mffqzcqrxzqy.info udp
US 8.8.8.8:53 ceoldj.net udp
US 8.8.8.8:53 gqycmugiau.com udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 oynqiorbam.net udp
US 8.8.8.8:53 yttuxwfcyy.net udp
US 8.8.8.8:53 uakxxs.net udp
US 8.8.8.8:53 sbcflwtwa.info udp
US 8.8.8.8:53 ynxdfrnwlk.net udp
US 8.8.8.8:53 ajhlzlia.net udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 watywwaoiwv.net udp
US 8.8.8.8:53 zfoazfbyuh.net udp
US 8.8.8.8:53 cdcxbtgcbn.info udp
US 8.8.8.8:53 hasduix.org udp
US 8.8.8.8:53 lwfaqcduobl.net udp
US 8.8.8.8:53 eusywo.com udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 hglnkxvuhoyk.info udp
US 8.8.8.8:53 uueqasky.org udp
US 8.8.8.8:53 smyuyemuas.org udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 hfwsfqigg.org udp
US 8.8.8.8:53 rkxphsltr.net udp
US 8.8.8.8:53 zlvwmbrqd.com udp
US 8.8.8.8:53 wafujalhu.info udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 jfqeeola.info udp
US 8.8.8.8:53 slnfwv.info udp
US 8.8.8.8:53 owsgaqgwqasq.org udp
US 8.8.8.8:53 sksxqaatrsuf.info udp
US 8.8.8.8:53 sanxpcu.info udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 emwcyu.org udp
US 8.8.8.8:53 gwxwpjcj.net udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 xzwlfppw.info udp
US 8.8.8.8:53 kiswyo.org udp
US 8.8.8.8:53 nyxqttsmtpuk.net udp
US 8.8.8.8:53 vuhlvoeghaf.net udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 yudnrizah.net udp
US 8.8.8.8:53 qwhcqj.info udp
US 8.8.8.8:53 uamoka.com udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 qyciek.com udp
US 8.8.8.8:53 waynmqykrcmw.net udp
US 8.8.8.8:53 bxzzbblcdnar.info udp
US 8.8.8.8:53 lfjidgxyzdie.net udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 kkadue.net udp
US 8.8.8.8:53 rriosl.info udp
US 8.8.8.8:53 wmuogepoy.info udp
US 8.8.8.8:53 fkchgxzxfcrp.info udp
US 8.8.8.8:53 afjpvqji.net udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 agxjfepe.net udp
US 8.8.8.8:53 iypezsvru.info udp
US 8.8.8.8:53 kouasfgmljzp.net udp
US 8.8.8.8:53 gocycugceamm.com udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 htyxbehinw.net udp
US 8.8.8.8:53 lliynip.com udp
US 8.8.8.8:53 vgyevumg.net udp
US 8.8.8.8:53 hwevtzzy.info udp
US 8.8.8.8:53 xxilva.info udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 zwturol.info udp
US 8.8.8.8:53 wezqhcjtrwx.net udp
US 8.8.8.8:53 iitpjivmy.info udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 bcvendpjqzgc.info udp
US 8.8.8.8:53 ommwwsoo.org udp
US 8.8.8.8:53 kmchcizb.info udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 mghbelbqb.net udp
US 8.8.8.8:53 xhrkcm.net udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 xisprymyd.org udp
US 8.8.8.8:53 rpvrlcnpupqc.info udp
US 8.8.8.8:53 owuucyeeiwyu.com udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 mfygtfz.info udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 qwjoyhzt.net udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 mbdgpxjkghsq.info udp
US 8.8.8.8:53 exzsbk.info udp
US 8.8.8.8:53 bzdiddlawz.net udp
US 8.8.8.8:53 yszyydx.net udp
US 8.8.8.8:53 yjmoaquui.info udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 hgjkxaqblgx.com udp
US 8.8.8.8:53 sccljetd.info udp
US 8.8.8.8:53 hcfekbeu.info udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 hefqtblkxyjf.net udp
US 8.8.8.8:53 hethdodqpzl.org udp
US 8.8.8.8:53 buradqzjvet.info udp
US 8.8.8.8:53 bavppixu.net udp
US 8.8.8.8:53 xmejptjt.net udp
US 8.8.8.8:53 numkvkx.org udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 dbrddpvr.net udp
US 8.8.8.8:53 csouae.org udp
US 8.8.8.8:53 sukkwgwymmsw.com udp
US 8.8.8.8:53 uqcjez.net udp
US 8.8.8.8:53 gqwagymo.org udp
US 8.8.8.8:53 wyfkuprkz.net udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 abnvckjmjwi.info udp
US 8.8.8.8:53 wiwwvowob.info udp
US 8.8.8.8:53 dtstyn.net udp
US 8.8.8.8:53 boigpyzm.info udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 mormovgqnfj.net udp
US 8.8.8.8:53 bfhfhdbdge.net udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 ncuckg.info udp
US 8.8.8.8:53 msaeugqyakco.org udp
US 8.8.8.8:53 oktswarrp.net udp
US 8.8.8.8:53 vtfvygzckh.info udp
US 8.8.8.8:53 rfqbakuoahol.net udp
US 8.8.8.8:53 beosaxhkyrqf.net udp
US 8.8.8.8:53 zzwpverv.info udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 dkbeewi.org udp
US 8.8.8.8:53 piqcrvba.info udp
US 8.8.8.8:53 fvjbvsafdvxe.net udp
US 8.8.8.8:53 pwmpluygkwv.info udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 mwkcammcessa.com udp
US 8.8.8.8:53 sudvtedez.info udp
US 8.8.8.8:53 bdrlitmr.net udp
US 8.8.8.8:53 weeggwiecyam.org udp
US 8.8.8.8:53 fixijml.org udp
US 8.8.8.8:53 wcmcgymwia.com udp

Files

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

MD5 88a3d7432ff5d5cee011047d7a3acb16
SHA1 9c5b95142911b292dc75e120545949a1dca72d12
SHA256 fa10ed2990ca760fb82fc16facf3d805f1a12ee3a8e5a723844cc1a0e3b88fcb
SHA512 3d0ff8fe2113ddb3f94bb4f041d7005e11681e4c912ce55f486722adef62df1bd36332fb489a2d61632980ba1f5a60dd8ef71697b21f199611b6010da3ca2147

C:\Windows\SysWOW64\ngtqiuqebqtpjlqjmg.exe

MD5 bc2c2e6019e42289641123c2db3584dc
SHA1 e7b2c809bf63f0a3a362b2b5e4930a5a1b5c7d9b
SHA256 9223f4748f528658ba3ac30515cf3ac1817677baaf345441d021e98ebd8891af
SHA512 f31491a41da42f042c41060fa394c5fe36afcb9edb1507d1119936c9f26c79b5a90945393d532b817f1b8007989800e1b823766673f3704154b32cb4ae99af6b

C:\Users\Admin\AppData\Local\Temp\lstekk.exe

MD5 aea48b657074ff550e07304403b29100
SHA1 f30b7a5f55e05a64208a31605224aaeaa5bfbd35
SHA256 51f255bbf586765c73529235200c9e68de80d46c0e3497f53c6efe5e37ffd396
SHA512 958d60a7a4a6d62b7d6cdf77f63923870f1805f3197e1a30114844f5caf60c38ec9c99f95eaae57ce42484ab3da8b4d2543ded5512bbeb35b411c3734033eb4d

C:\Users\Admin\AppData\Local\komuxubaiiwdivlpdimqowzwd.kky

MD5 883f35e71c7ad697018a442c856d40dc
SHA1 f556f7e4a829af42a8d651174753589a12016f80
SHA256 9d9a579820c9b1f6670edc8cdd88c2cc99ec111c21b1e06a469428b888806a87
SHA512 86ebf70ea10c36285bcc7e4385187ecee2268c0f69b3d94645a60b742a5c629143b1b1173f3461b94466de80675e7e976d70d33983e8ec1ca4dc08669d9355e7

C:\Users\Admin\AppData\Local\pengucuexihzpnodcshwfymumwpazrhfgvuk.oxq

MD5 bbcb9c61de2fead078d367999a008d84
SHA1 001b25502a0aa4b3b7b1c2aec304df9524d04622
SHA256 1b49afffe996a41db1eaa1a28fddec333b134038db07c6cb6920964dfe3d8817
SHA512 21bf756dbe6dcf8f10b03a1b2b8cc688970f9576142335cf87b2ed6c5ec99fca5a9541ad6209350c22e031f1c90a6ef4e71425ec57e725a6157918d8138b9099

C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky

MD5 26a36d35cfa38ce71a16b51e6ebf8a95
SHA1 eb3cd9e420f8e3674347f8e0218946b898d9b8bc
SHA256 b0d749485319438ad14b8a872e4126966a15afdbc558c54e338417c73e36cbec
SHA512 a6f9341a364defd262cd14769e70b0d1bdf7275d630ee7373337b26b3c03803892ec7cc9abaec2cd594ec07fcbd6c85eb432ed93787d5aebfe7931ea418cb4a0

C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky

MD5 27a3a2561fce17daf7a2a005eb0fb2b2
SHA1 8477cbf147b46b9350e5d79fe6445c0847de9d91
SHA256 aa99d3a571781d7b4d19f0861a36eb68e536eb46ef408205e3757456d0c01784
SHA512 982203f0e41f7a430eb04f15375ff66da7ef8e3a5ee49bfc2da710b744b082cd3cc0de3dcf09ba4d35df5edbe8c9e2c0a968fff6427edfe2591e39aeb221c4ed

C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky

MD5 f0f27964321abd49aa5ee267d78f14af
SHA1 76ad7387cedeeb380ebf9854a090913355a5d78d
SHA256 ecb16faa4eec922b1510bfefca65f4edf747cd258a8b6a4b9f9f777a22d2d608
SHA512 89fec8322578668954b12f95fb423a7a18852f49e3a54b76609607126130de55219c16cf3b35a8478b9b4d92f7eb22d25e09450f4ba722dd5f88c5e50652039a

C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky

MD5 341e61c7e1f076c39c5e92ed3d17a9d4
SHA1 2fb76fd740e370e921c023ad986716e4b50bf971
SHA256 1f85144cef6ac30e2069c6f587049fd6a9dc334e0887c386cf64b2d3eaa23f4f
SHA512 a2a66242b3861cba74a77ebfe68b8aa26f029c2c975b05191f4abe66518f58e61a20b1dd15152d1eb705d60d6959ab4cc69dd26978059cabd0e88fffd49dc0d7

C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky

MD5 a09fe09823cbf8f2b2f7cbdd6c145d53
SHA1 c3b3e638ece81959cbbe8689442ec6903f41869b
SHA256 5cb1116b3790f7660d05abe2d48596dc71ec231836b5d4a4a2ccef7205d28f39
SHA512 65b59012ba14a2a7a1ff1cac19e06e698e57206a008e3a6378554d4a053abc4bc2f3517004b48640bba8c2a545e5aeae8ce1fa85400327da7608003e8c289edc

C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky

MD5 beca6599d14614cef223e120cafef033
SHA1 983f1fe0b2d6f4f225c5b66811bf067d05a3454b
SHA256 dd29ce2a68b7c44b9ada1f4c58641a50014a7ba76a06a6672516170b09c76c8b
SHA512 196e91a9aa73b6c32c52acf6bb45c748533798ad106aab149350186b3360371d653e344f10bd9992900f6c30952660e5304b90cf91d8bf9ec4fca95c7f2fac19