Malware Analysis Report

2025-08-10 16:35

Sample ID 250418-cx838s1rs5
Target JaffaCakes118_bc2c2e6019e42289641123c2db3584dc
SHA256 9223f4748f528658ba3ac30515cf3ac1817677baaf345441d021e98ebd8891af
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9223f4748f528658ba3ac30515cf3ac1817677baaf345441d021e98ebd8891af

Threat Level: Known bad

The file JaffaCakes118_bc2c2e6019e42289641123c2db3584dc was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

UAC bypass

Pykspa family

Pykspa

Modifies WinLogon for persistence

Detect Pykspa worm

Disables RegEdit via registry modification

Adds policy Run key to start application

Impair Defenses: Safe Mode Boot

Executes dropped EXE

Adds Run key to start application

Looks up external IP address via web service

Checks whether UAC is enabled

Hijack Execution Flow: Executable Installer File Permissions Weakness

Drops autorun.inf file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

System policy modification

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-18 02:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-18 02:28

Reported

2025-04-18 02:31

Platform

win11-20250410-en

Max time kernel

54s

Max time network

161s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "vtlcyphdwjqltfwnbpz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "bxncwlbvmxcvblapb.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "ihasphaxrfnjsfxpeted.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "khyojzqldpvpwhxnan.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlcyphdwjqltfwnbpz.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khyojzqldpvpwhxnan.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "ihasphaxrfnjsfxpeted.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khyojzqldpvpwhxnan.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "xxrkibvtodmjthatjzllf.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "khyojzqldpvpwhxnan.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihasphaxrfnjsfxpeted.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrkibvtodmjthatjzllf.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxncwlbvmxcvblapb.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "khyojzqldpvpwhxnan.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "ihasphaxrfnjsfxpeted.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "bxncwlbvmxcvblapb.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlcyphdwjqltfwnbpz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "khyojzqldpvpwhxnan.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "vtlcyphdwjqltfwnbpz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "ihasphaxrfnjsfxpeted.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khyojzqldpvpwhxnan.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "khyojzqldpvpwhxnan.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "xxrkibvtodmjthatjzllf.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "vtlcyphdwjqltfwnbpz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "xxrkibvtodmjthatjzllf.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlcyphdwjqltfwnbpz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrkibvtodmjthatjzllf.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khyojzqldpvpwhxnan.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrkibvtodmjthatjzllf.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khyojzqldpvpwhxnan.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlcyphdwjqltfwnbpz.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrkibvtodmjthatjzllf.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "bxncwlbvmxcvblapb.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mfsevhulzhjzcj = "upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pfpymvfteji = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrkibvtodmjthatjzllf.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\xxrkibvtodmjthatjzllf.exe N/A
N/A N/A C:\Windows\upeslzohxhldirft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\khyojzqldpvpwhxnan.exe N/A
N/A N/A C:\Windows\khyojzqldpvpwhxnan.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
N/A N/A C:\Windows\bxncwlbvmxcvblapb.exe N/A
N/A N/A C:\Windows\bxncwlbvmxcvblapb.exe N/A
N/A N/A C:\Windows\bxncwlbvmxcvblapb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\ihasphaxrfnjsfxpeted.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\upeslzohxhldirft.exe N/A
N/A N/A C:\Windows\xxrkibvtodmjthatjzllf.exe N/A
N/A N/A C:\Windows\bxncwlbvmxcvblapb.exe N/A
N/A N/A C:\Windows\vtlcyphdwjqltfwnbpz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\ihasphaxrfnjsfxpeted.exe N/A
N/A N/A C:\Windows\xxrkibvtodmjthatjzllf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\upeslzohxhldirft.exe N/A
N/A N/A C:\Windows\vtlcyphdwjqltfwnbpz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\vtlcyphdwjqltfwnbpz.exe N/A
N/A N/A C:\Windows\vtlcyphdwjqltfwnbpz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\ihasphaxrfnjsfxpeted.exe N/A
N/A N/A C:\Windows\bxncwlbvmxcvblapb.exe N/A
N/A N/A C:\Windows\upeslzohxhldirft.exe N/A
N/A N/A C:\Windows\vtlcyphdwjqltfwnbpz.exe N/A
N/A N/A C:\Windows\xxrkibvtodmjthatjzllf.exe N/A
N/A N/A C:\Windows\xxrkibvtodmjthatjzllf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe N/A
N/A N/A C:\Windows\vtlcyphdwjqltfwnbpz.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ldpaqbndqxynp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihasphaxrfnjsfxpeted.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxncwlbvmxcvblapb.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ldpaqbndqxynp = "vtlcyphdwjqltfwnbpz.exe ." C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\upeslzohxhldirft = "khyojzqldpvpwhxnan.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ldpaqbndqxynp = "bxncwlbvmxcvblapb.exe ." C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bxncwlbvmxcvblapb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khyojzqldpvpwhxnan.exe ." C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\khyojzqldpvpwhxnan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlcyphdwjqltfwnbpz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrkibvtodmjthatjzllf.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ldpaqbndqxynp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khyojzqldpvpwhxnan.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ldpaqbndqxynp = "upeslzohxhldirft.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\pjxkcpdvktwnrzm = "xxrkibvtodmjthatjzllf.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxncwlbvmxcvblapb.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\upeslzohxhldirft = "xxrkibvtodmjthatjzllf.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "ihasphaxrfnjsfxpeted.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ldpaqbndqxynp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlcyphdwjqltfwnbpz.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ldpaqbndqxynp = "xxrkibvtodmjthatjzllf.exe ." C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\pjxkcpdvktwnrzm = "ihasphaxrfnjsfxpeted.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\upeslzohxhldirft = "vtlcyphdwjqltfwnbpz.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\khyojzqldpvpwhxnan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlcyphdwjqltfwnbpz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ldpaqbndqxynp = "vtlcyphdwjqltfwnbpz.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bxncwlbvmxcvblapb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrkibvtodmjthatjzllf.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihasphaxrfnjsfxpeted.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\khyojzqldpvpwhxnan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlcyphdwjqltfwnbpz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ldpaqbndqxynp = "vtlcyphdwjqltfwnbpz.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ldpaqbndqxynp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrkibvtodmjthatjzllf.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ldpaqbndqxynp = "ihasphaxrfnjsfxpeted.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrkibvtodmjthatjzllf.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "vtlcyphdwjqltfwnbpz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "xxrkibvtodmjthatjzllf.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\upeslzohxhldirft = "xxrkibvtodmjthatjzllf.exe ." C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlcyphdwjqltfwnbpz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\upeslzohxhldirft = "khyojzqldpvpwhxnan.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\pjxkcpdvktwnrzm = "upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bxncwlbvmxcvblapb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihasphaxrfnjsfxpeted.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "khyojzqldpvpwhxnan.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\upeslzohxhldirft = "vtlcyphdwjqltfwnbpz.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ldpaqbndqxynp = "khyojzqldpvpwhxnan.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\pjxkcpdvktwnrzm = "xxrkibvtodmjthatjzllf.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "ihasphaxrfnjsfxpeted.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ldpaqbndqxynp = "xxrkibvtodmjthatjzllf.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ldpaqbndqxynp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxncwlbvmxcvblapb.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ldpaqbndqxynp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlcyphdwjqltfwnbpz.exe ." C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\upeslzohxhldirft = "khyojzqldpvpwhxnan.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "khyojzqldpvpwhxnan.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "bxncwlbvmxcvblapb.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\pjxkcpdvktwnrzm = "khyojzqldpvpwhxnan.exe" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\pjxkcpdvktwnrzm = "upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "ihasphaxrfnjsfxpeted.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bxncwlbvmxcvblapb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrkibvtodmjthatjzllf.exe ." C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "upeslzohxhldirft.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\khyojzqldpvpwhxnan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khyojzqldpvpwhxnan.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "vtlcyphdwjqltfwnbpz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bxncwlbvmxcvblapb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upeslzohxhldirft.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "ihasphaxrfnjsfxpeted.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrkibvtodmjthatjzllf.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlcyphdwjqltfwnbpz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\pjxkcpdvktwnrzm = "bxncwlbvmxcvblapb.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\khyojzqldpvpwhxnan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxncwlbvmxcvblapb.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\mdoynxixjppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihasphaxrfnjsfxpeted.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\pjxkcpdvktwnrzm = "bxncwlbvmxcvblapb.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyipaddress.com N/A N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File created C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File created F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File opened for modification C:\Windows\SysWOW64\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\opkedxsrndnlwlfzqhuvqk.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\opkedxsrndnlwlfzqhuvqk.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File created C:\Windows\SysWOW64\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File created C:\Windows\SysWOW64\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File opened for modification C:\Windows\SysWOW64\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File opened for modification C:\Windows\SysWOW64\opkedxsrndnlwlfzqhuvqk.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\opkedxsrndnlwlfzqhuvqk.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\opkedxsrndnlwlfzqhuvqk.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File created C:\Windows\SysWOW64\opkedxsrndnlwlfzqhuvqk.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File created C:\Windows\SysWOW64\opkedxsrndnlwlfzqhuvqk.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File opened for modification C:\Windows\SysWOW64\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\opkedxsrndnlwlfzqhuvqk.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\SysWOW64\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\zffeihhlmhwzpjihdzrxxwa.zde C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File created C:\Program Files (x86)\zffeihhlmhwzpjihdzrxxwa.zde C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File opened for modification C:\Program Files (x86)\mdoynxixjppdejtdkrulwgvfqfrxxlmrbl.zct C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File created C:\Program Files (x86)\mdoynxixjppdejtdkrulwgvfqfrxxlmrbl.zct C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\opkedxsrndnlwlfzqhuvqk.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File opened for modification C:\Windows\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\opkedxsrndnlwlfzqhuvqk.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File opened for modification C:\Windows\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\opkedxsrndnlwlfzqhuvqk.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\opkedxsrndnlwlfzqhuvqk.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File opened for modification C:\Windows\opkedxsrndnlwlfzqhuvqk.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File opened for modification C:\Windows\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File opened for modification C:\Windows\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File created C:\Windows\mdoynxixjppdejtdkrulwgvfqfrxxlmrbl.zct C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File opened for modification C:\Windows\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File created C:\Windows\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File opened for modification C:\Windows\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File opened for modification C:\Windows\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
File opened for modification C:\Windows\xxrkibvtodmjthatjzllf.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlcyphdwjqltfwnbpz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khyojzqldpvpwhxnan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ihasphaxrfnjsfxpeted.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xxrkibvtodmjthatjzllf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xxrkibvtodmjthatjzllf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlcyphdwjqltfwnbpz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bxncwlbvmxcvblapb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bxncwlbvmxcvblapb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khyojzqldpvpwhxnan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xxrkibvtodmjthatjzllf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xxrkibvtodmjthatjzllf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bxncwlbvmxcvblapb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlcyphdwjqltfwnbpz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bxncwlbvmxcvblapb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlcyphdwjqltfwnbpz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\upeslzohxhldirft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\upeslzohxhldirft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ihasphaxrfnjsfxpeted.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khyojzqldpvpwhxnan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xxrkibvtodmjthatjzllf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xxrkibvtodmjthatjzllf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khyojzqldpvpwhxnan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\upeslzohxhldirft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khyojzqldpvpwhxnan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xxrkibvtodmjthatjzllf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlcyphdwjqltfwnbpz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlcyphdwjqltfwnbpz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khyojzqldpvpwhxnan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlcyphdwjqltfwnbpz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xxrkibvtodmjthatjzllf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bxncwlbvmxcvblapb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlcyphdwjqltfwnbpz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xxrkibvtodmjthatjzllf.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3728 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 3728 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 3728 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 3812 wrote to memory of 4228 N/A C:\Windows\system32\cmd.exe C:\Windows\xxrkibvtodmjthatjzllf.exe
PID 3812 wrote to memory of 4228 N/A C:\Windows\system32\cmd.exe C:\Windows\xxrkibvtodmjthatjzllf.exe
PID 3812 wrote to memory of 4228 N/A C:\Windows\system32\cmd.exe C:\Windows\xxrkibvtodmjthatjzllf.exe
PID 776 wrote to memory of 4848 N/A C:\Windows\system32\cmd.exe C:\Windows\upeslzohxhldirft.exe
PID 776 wrote to memory of 4848 N/A C:\Windows\system32\cmd.exe C:\Windows\upeslzohxhldirft.exe
PID 776 wrote to memory of 4848 N/A C:\Windows\system32\cmd.exe C:\Windows\upeslzohxhldirft.exe
PID 4848 wrote to memory of 4892 N/A C:\Windows\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 4848 wrote to memory of 4892 N/A C:\Windows\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 4848 wrote to memory of 4892 N/A C:\Windows\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 5500 wrote to memory of 5116 N/A C:\Windows\system32\cmd.exe C:\Windows\khyojzqldpvpwhxnan.exe
PID 5500 wrote to memory of 5116 N/A C:\Windows\system32\cmd.exe C:\Windows\khyojzqldpvpwhxnan.exe
PID 5500 wrote to memory of 5116 N/A C:\Windows\system32\cmd.exe C:\Windows\khyojzqldpvpwhxnan.exe
PID 4964 wrote to memory of 3964 N/A C:\Windows\system32\cmd.exe C:\Windows\khyojzqldpvpwhxnan.exe
PID 4964 wrote to memory of 3964 N/A C:\Windows\system32\cmd.exe C:\Windows\khyojzqldpvpwhxnan.exe
PID 4964 wrote to memory of 3964 N/A C:\Windows\system32\cmd.exe C:\Windows\khyojzqldpvpwhxnan.exe
PID 3964 wrote to memory of 3388 N/A C:\Windows\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 3964 wrote to memory of 3388 N/A C:\Windows\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 3964 wrote to memory of 3388 N/A C:\Windows\khyojzqldpvpwhxnan.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 2016 wrote to memory of 900 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe
PID 2016 wrote to memory of 900 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe
PID 2016 wrote to memory of 900 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe
PID 2472 wrote to memory of 3672 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe
PID 2472 wrote to memory of 3672 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe
PID 2472 wrote to memory of 3672 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe
PID 3672 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 3672 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 3672 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 5052 wrote to memory of 3300 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe
PID 5052 wrote to memory of 3300 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe
PID 5052 wrote to memory of 3300 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe
PID 5460 wrote to memory of 4244 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe
PID 5460 wrote to memory of 4244 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe
PID 5460 wrote to memory of 4244 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe
PID 4244 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 4244 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 4244 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 3316 wrote to memory of 5216 N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe
PID 3316 wrote to memory of 5216 N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe
PID 3316 wrote to memory of 5216 N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe
PID 3316 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe
PID 3316 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe
PID 3316 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe C:\Users\Admin\AppData\Local\Temp\xhlow.exe
PID 3432 wrote to memory of 3140 N/A C:\Windows\system32\cmd.exe C:\Windows\xxrkibvtodmjthatjzllf.exe
PID 3432 wrote to memory of 3140 N/A C:\Windows\system32\cmd.exe C:\Windows\xxrkibvtodmjthatjzllf.exe
PID 3432 wrote to memory of 3140 N/A C:\Windows\system32\cmd.exe C:\Windows\xxrkibvtodmjthatjzllf.exe
PID 5692 wrote to memory of 5824 N/A C:\Windows\system32\cmd.exe C:\Windows\bxncwlbvmxcvblapb.exe
PID 5692 wrote to memory of 5824 N/A C:\Windows\system32\cmd.exe C:\Windows\bxncwlbvmxcvblapb.exe
PID 5692 wrote to memory of 5824 N/A C:\Windows\system32\cmd.exe C:\Windows\bxncwlbvmxcvblapb.exe
PID 3936 wrote to memory of 2028 N/A C:\Windows\system32\cmd.exe C:\Windows\bxncwlbvmxcvblapb.exe
PID 3936 wrote to memory of 2028 N/A C:\Windows\system32\cmd.exe C:\Windows\bxncwlbvmxcvblapb.exe
PID 3936 wrote to memory of 2028 N/A C:\Windows\system32\cmd.exe C:\Windows\bxncwlbvmxcvblapb.exe
PID 2028 wrote to memory of 2992 N/A C:\Windows\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 2028 wrote to memory of 2992 N/A C:\Windows\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 2028 wrote to memory of 2992 N/A C:\Windows\bxncwlbvmxcvblapb.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 3712 wrote to memory of 3472 N/A C:\Windows\system32\cmd.exe C:\Windows\ihasphaxrfnjsfxpeted.exe
PID 3712 wrote to memory of 3472 N/A C:\Windows\system32\cmd.exe C:\Windows\ihasphaxrfnjsfxpeted.exe
PID 3712 wrote to memory of 3472 N/A C:\Windows\system32\cmd.exe C:\Windows\ihasphaxrfnjsfxpeted.exe
PID 3472 wrote to memory of 1480 N/A C:\Windows\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 3472 wrote to memory of 1480 N/A C:\Windows\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 3472 wrote to memory of 1480 N/A C:\Windows\ihasphaxrfnjsfxpeted.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 1600 wrote to memory of 2736 N/A C:\Windows\system32\cmd.exe C:\Windows\upeslzohxhldirft.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\xhlow.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe"

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bc2c2e6019e42289641123c2db3584dc.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe .

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe .

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\khyojzqldpvpwhxnan.exe*."

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\xhlow.exe

"C:\Users\Admin\AppData\Local\Temp\xhlow.exe" "-C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe"

C:\Users\Admin\AppData\Local\Temp\xhlow.exe

"C:\Users\Admin\AppData\Local\Temp\xhlow.exe" "-C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe .

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\bxncwlbvmxcvblapb.exe*."

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\upeslzohxhldirft.exe*."

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\xxrkibvtodmjthatjzllf.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\xxrkibvtodmjthatjzllf.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe .

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe .

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\khyojzqldpvpwhxnan.exe*."

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe .

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe .

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\khyojzqldpvpwhxnan.exe*."

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe .

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe .

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\khyojzqldpvpwhxnan.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\khyojzqldpvpwhxnan.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ihasphaxrfnjsfxpeted.exe*."

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe .

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe .

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe .

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\bxncwlbvmxcvblapb.exe*."

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe .

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe .

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe .

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\upeslzohxhldirft.exe*."

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe .

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ihasphaxrfnjsfxpeted.exe*."

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe .

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\khyojzqldpvpwhxnan.exe*."

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe .

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\upeslzohxhldirft.exe*."

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ihasphaxrfnjsfxpeted.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe .

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\bxncwlbvmxcvblapb.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe .

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\khyojzqldpvpwhxnan.exe*."

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe .

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\bxncwlbvmxcvblapb.exe*."

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe .

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\bxncwlbvmxcvblapb.exe*."

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe .

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\khyojzqldpvpwhxnan.exe*."

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe .

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\khyojzqldpvpwhxnan.exe*."

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe .

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe .

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe .

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe .

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ihasphaxrfnjsfxpeted.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\bxncwlbvmxcvblapb.exe*."

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\bxncwlbvmxcvblapb.exe*."

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe .

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe .

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe .

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k wsappx -p -s AppXSvc

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe .

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe .

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe .

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ihasphaxrfnjsfxpeted.exe*."

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe .

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe .

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\upeslzohxhldirft.exe*."

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khyojzqldpvpwhxnan.exe .

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\khyojzqldpvpwhxnan.exe

khyojzqldpvpwhxnan.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\khyojzqldpvpwhxnan.exe*."

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\upeslzohxhldirft.exe*."

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ihasphaxrfnjsfxpeted.exe*."

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe .

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\xxrkibvtodmjthatjzllf.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\xxrkibvtodmjthatjzllf.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\bxncwlbvmxcvblapb.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\bxncwlbvmxcvblapb.exe*."

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe .

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe .

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\vtlcyphdwjqltfwnbpz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe .

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\bxncwlbvmxcvblapb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe

C:\Users\Admin\AppData\Local\Temp\ihasphaxrfnjsfxpeted.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe .

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\bxncwlbvmxcvblapb.exe*."

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxncwlbvmxcvblapb.exe .

C:\Windows\bxncwlbvmxcvblapb.exe

bxncwlbvmxcvblapb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\bxncwlbvmxcvblapb.exe*."

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe .

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe .

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\vtlcyphdwjqltfwnbpz.exe*."

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe

C:\Users\Admin\AppData\Local\Temp\xxrkibvtodmjthatjzllf.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\xxrkibvtodmjthatjzllf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe .

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrkibvtodmjthatjzllf.exe

C:\Windows\xxrkibvtodmjthatjzllf.exe

xxrkibvtodmjthatjzllf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihasphaxrfnjsfxpeted.exe .

C:\Windows\ihasphaxrfnjsfxpeted.exe

ihasphaxrfnjsfxpeted.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\bxncwlbvmxcvblapb.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ihasphaxrfnjsfxpeted.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe

C:\Users\Admin\AppData\Local\Temp\upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Users\Admin\AppData\Local\Temp\vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\khyojzqldpvpwhxnan.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\khyojzqldpvpwhxnan.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

C:\Windows\vtlcyphdwjqltfwnbpz.exe

vtlcyphdwjqltfwnbpz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upeslzohxhldirft.exe .

C:\Windows\upeslzohxhldirft.exe

upeslzohxhldirft.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\upeslzohxhldirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlcyphdwjqltfwnbpz.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
NL 142.250.153.136:80 www.youtube.com tcp
LT 78.61.84.37:30728 tcp
DE 85.214.228.140:80 gyuuym.org tcp
SG 18.142.91.111:80 unxfuild.info tcp
US 104.156.155.94:80 cydlrge.info tcp
LT 78.61.84.37:30728 tcp
US 8.8.8.8:53 oqpueadiu.info udp
US 8.8.8.8:53 dscesxdpr.info udp
US 8.8.8.8:53 uioslo.net udp
US 8.8.8.8:53 unxyhnhfacdb.info udp
US 8.8.8.8:53 telgzgb.org udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 bopunjusjat.com udp
US 8.8.8.8:53 uogedjqtvfzn.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 hujafqjqvop.com udp
US 8.8.8.8:53 jlzknyfma.net udp
US 8.8.8.8:53 fgzztozvljrc.net udp
US 8.8.8.8:53 alisjad.info udp
US 8.8.8.8:53 ugrwpahat.info udp
US 8.8.8.8:53 kedyiorokn.net udp
GB 184.50.115.89:443 tcp
US 8.8.8.8:53 browser.pipe.aria.microsoft.com udp
FR 51.11.192.49:443 browser.pipe.aria.microsoft.com tcp
US 8.8.8.8:53 rkcplkbir.net udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 dxbbpapgt.info udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 agbugeqtssj.info udp
GB 95.101.143.201:443 www.bing.com tcp
US 8.8.8.8:53 rhxuqchemcp.info udp
US 8.8.8.8:53 tutczuf.info udp
US 8.8.8.8:53 aiseiuymcico.com udp
US 8.8.8.8:53 rrscifnk.info udp
US 8.8.8.8:53 aaftpevwng.net udp
US 8.8.8.8:53 iowglhtdvuf.info udp
US 8.8.8.8:53 kjkypkrjhvgn.info udp
US 8.8.8.8:53 ycoequugkyic.com udp
US 8.8.8.8:53 vmuydfkdvn.info udp
US 8.8.8.8:53 iapkroxwkqh.net udp
US 8.8.8.8:53 nehgbbj.com udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 htyxbehinw.net udp
US 8.8.8.8:53 macycgogqqic.org udp
US 8.8.8.8:53 itoujqvn.net udp
US 8.8.8.8:53 rwneninkjwr.info udp
US 8.8.8.8:53 pbspki.info udp
US 8.8.8.8:53 zpkorqjsh.org udp
US 8.8.8.8:53 jytuhr.net udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 svpwaldszszs.net udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 wmeguukokeiy.org udp
US 8.8.8.8:53 geumtvlsv.info udp
US 8.8.8.8:53 uykpxgrmozah.info udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 xqirhc.net udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 tqzsbvmg.info udp
US 8.8.8.8:53 vpkeohe.com udp
US 8.8.8.8:53 tupszgxurah.info udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 nkmhfak.com udp
US 8.8.8.8:53 vafciwf.net udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 rktgokimnqz.com udp
US 8.8.8.8:53 axfoxwjijqks.net udp
US 8.8.8.8:53 zazytev.com udp
US 8.8.8.8:53 pedeuysdx.info udp
US 8.8.8.8:53 wvfwnplhli.info udp
US 8.8.8.8:53 danrzaesv.com udp
US 8.8.8.8:53 skhgjocoow.net udp
US 8.8.8.8:53 lxzviggfp.com udp
US 8.8.8.8:53 eewkvwybuok.info udp
US 8.8.8.8:53 bcbwvop.com udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 ptoszoyvmgb.info udp
US 8.8.8.8:53 akiuyoke.org udp
US 8.8.8.8:53 fixijml.org udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 xgkcxllrj.net udp
NL 173.194.69.94:80 c.pki.goog tcp
US 8.8.8.8:53 bujydax.net udp
US 8.8.8.8:53 omwwcm.com udp
US 8.8.8.8:53 eyuwwu.com udp
US 8.8.8.8:53 jvnrpdb.com udp
US 8.8.8.8:53 moetetosx.info udp
US 8.8.8.8:53 awtrjqbmv.net udp
US 8.8.8.8:53 xhpbpqpttzdm.info udp
US 8.8.8.8:53 ikcsiusbdy.net udp
US 8.8.8.8:53 uuzwlh.info udp
US 8.8.8.8:53 yiquqgkgcmao.org udp
US 8.8.8.8:53 nmieqmwuj.net udp
US 8.8.8.8:53 bibuxrxez.info udp
US 8.8.8.8:53 dqvuujx.info udp
US 8.8.8.8:53 jzoqfzbz.info udp
US 8.8.8.8:53 cxritgbkwiqj.net udp
US 8.8.8.8:53 llfasvez.net udp
US 8.8.8.8:53 iaaykguo.org udp
US 8.8.8.8:53 tijnoupmzo.net udp
US 8.8.8.8:53 yugmak.com udp
US 8.8.8.8:53 vqeckyrqhip.info udp
US 8.8.8.8:53 yabgjuiyvpj.net udp
US 8.8.8.8:53 coiyusimwa.org udp
US 8.8.8.8:53 uflthxhorbyl.net udp
US 8.8.8.8:53 fawonpop.net udp
US 8.8.8.8:53 wckuxxtei.info udp
US 8.8.8.8:53 npbpje.net udp
US 8.8.8.8:53 vdecbuzoqen.com udp
US 8.8.8.8:53 nddufynvpsbv.net udp
US 8.8.8.8:53 uspqlzl.info udp
US 8.8.8.8:53 hagmjxaj.net udp
US 8.8.8.8:53 vnpxusbqkyzc.net udp
US 8.8.8.8:53 wrbgtg.info udp
US 8.8.8.8:53 dvgvla.info udp
US 8.8.8.8:53 ngwsifdzbe.net udp
US 8.8.8.8:53 zwymxedw.net udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 mbbczll.info udp
US 8.8.8.8:53 rsikekibxv.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 ojtafsn.info udp
US 8.8.8.8:53 zufoqnzxtstt.net udp
US 8.8.8.8:53 xytxtmrr.net udp
US 8.8.8.8:53 gkkqikkgqg.com udp
US 8.8.8.8:53 nbdtjcdnsouc.info udp
US 8.8.8.8:53 myyjaigs.info udp
US 8.8.8.8:53 mbdicymqjgud.net udp
US 8.8.8.8:53 fcoqmgckn.net udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 qdpoiwcmgtve.net udp
US 8.8.8.8:53 fxgbxdxoyj.net udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 zwpmymx.com udp
US 8.8.8.8:53 icnidhsmobbx.info udp
US 8.8.8.8:53 ivbxdpfvpf.info udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 ausgwo.com udp
US 8.8.8.8:53 pubdruogecu.org udp
US 8.8.8.8:53 ouyybkrmc.net udp
US 8.8.8.8:53 fphkbcxwbqp.com udp
US 8.8.8.8:53 qucqaogcwi.com udp
US 8.8.8.8:53 wetofgnoy.net udp
US 8.8.8.8:53 bzticsmcwq.info udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 bdpflywmtg.net udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 ogdyamg.net udp

Files

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

MD5 88a3d7432ff5d5cee011047d7a3acb16
SHA1 9c5b95142911b292dc75e120545949a1dca72d12
SHA256 fa10ed2990ca760fb82fc16facf3d805f1a12ee3a8e5a723844cc1a0e3b88fcb
SHA512 3d0ff8fe2113ddb3f94bb4f041d7005e11681e4c912ce55f486722adef62df1bd36332fb489a2d61632980ba1f5a60dd8ef71697b21f199611b6010da3ca2147

C:\Windows\SysWOW64\khyojzqldpvpwhxnan.exe

MD5 bc2c2e6019e42289641123c2db3584dc
SHA1 e7b2c809bf63f0a3a362b2b5e4930a5a1b5c7d9b
SHA256 9223f4748f528658ba3ac30515cf3ac1817677baaf345441d021e98ebd8891af
SHA512 f31491a41da42f042c41060fa394c5fe36afcb9edb1507d1119936c9f26c79b5a90945393d532b817f1b8007989800e1b823766673f3704154b32cb4ae99af6b

C:\Users\Admin\AppData\Local\Temp\xhlow.exe

MD5 050d1ee9cbfc5f72000529f3a4776249
SHA1 6442833d4ef39884ae20bfdf8af2a0d7efc5b5c9
SHA256 c0b6e1bcf47dcbb23f3ce069786811e581705ed950b153b4d4b7072d23b439de
SHA512 9f47575a25d5404d8c4ebc7febd9d7e5bb3fb4f1c9ced6e96f891cce76e142aac1887283a704c640ce9e139e9e37f8c70b6e8fe75931a14f0a9499bacc82b4be

C:\Users\Admin\AppData\Local\zffeihhlmhwzpjihdzrxxwa.zde

MD5 2717133da12415438e7eba5fef20521c
SHA1 affa49ccaebb3111cac2111d301bcb5f008ef2bf
SHA256 9e00fd4ee2aa1ef5804525c8cd8848b301c0ee829002743665ab2ab4d3bb94bf
SHA512 7b6ef305e774e46cc8c812d7ef3459ef1f9f5b324db8b4ee0d2b7e1e0db089f26892b9c44ec8eb061655d120a28f1403fb6a994bb6db01c744508caf24a78c8b

C:\Users\Admin\AppData\Local\mdoynxixjppdejtdkrulwgvfqfrxxlmrbl.zct

MD5 c7d93a9cefc105b004ebac40a8488522
SHA1 6e5513dc85b3c05ce488206ae294e111e24a490a
SHA256 51c7614f6a6ac16a2f8a98955713f9b48d4ac90d23c9727ebce68ea23d401728
SHA512 f4353baaa9daa23c7b865553d77daa35499a7055593f237fe75e5781e170722da2fa7450d6fa3144b3dc2c19098049ac48de8dfeaca80abc06f7a56cb062078d

C:\Program Files (x86)\zffeihhlmhwzpjihdzrxxwa.zde

MD5 227e0c98b78b343def1d94bc4acc5717
SHA1 13a4746f84c2e2c0b2976c498e5c4cb70595b7e5
SHA256 5392a1d0266c93aaf53dc384010613df5f1eaae8ae40dcfaaff50ccfe9ed2950
SHA512 6b1214b68d77f1ebff9fd5f00690af3e66dcbccfbc368ea67545cdd887f0163ec29dfa30d2b4651f93eeafdce30c295f04e37df3d3234b70003e763dd5542e0f

C:\Program Files (x86)\zffeihhlmhwzpjihdzrxxwa.zde

MD5 7553a4af237b1578eb0984271a014ede
SHA1 f23e03f2c4b6aa920510fe2f2ce4bfda4d5566e1
SHA256 5a61ffa3e8b8077c239016c5f3972223ad0bd213a77d25f040df195347cf50fb
SHA512 09b6d26e8351858fdc8af2ddb470cca8d5595cdd75f782290e6a4da3851a20dfa2ac0bb61fce79fe3177ef92ada80e578ce2ab173429c00e887953183fdbbc72

C:\Program Files (x86)\zffeihhlmhwzpjihdzrxxwa.zde

MD5 a3e80efffbf6f549000f73476ca5c6d7
SHA1 014eddc8e864470586fd7afda4694f18a43b8156
SHA256 3647b25829180f0c21e2250d825f2910cbe406939b06d714b67d7e2c1cc1ab69
SHA512 67e333cceeb9f23261a2bda7a3509acded9b8c5272ee27c9deca6a5265e448ebe109a0299aa9592b031545b54a5f8e4aea91f4cce87e62268a23b8e10421a377

C:\Program Files (x86)\zffeihhlmhwzpjihdzrxxwa.zde

MD5 29c30b18a8ce5b40e1ec77f6c6e8630e
SHA1 f0cde68cca7bfd1f03267311be540ee38b5c0fdd
SHA256 da358a30ff67b0aa5f1a71490998e67bfa7dd93193a0bc2b28b38c4ec665df69
SHA512 1869d9b24776b2a4a74cab203e9fb9ca80240b61d74606be8dcd9d755aba4209c81f7c134377ed98118d05695bc8d7d5e8a908016d7625ba35be312361e491b6

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\c442b4dc-a191-4123-8209-426d502b68cb.down_data

MD5 5683c0028832cae4ef93ca39c8ac5029
SHA1 248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512 aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 42443383f62b4750f5e4077aaddacb6e
SHA1 c3311fdca3d0fad525f1f3bdf2816e8b2d9e0241
SHA256 b4f6bed52b8b56e5480846fb48fc25b03e024bdb96888e9b1e2b5c2bd56cad06
SHA512 2e4a12c65c46a6c24cc1bbd5c91ed96acbd1a5b47661bec32b7fe556cb52084ecb3122f079768dfabc75c2738b0c1f9a600c40c3e00c304d66223a2403892643

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 e7e18cfc1d9e536faebe167b2c15b299
SHA1 911f0bb79fc64c482613b723421fcb2c8689d022
SHA256 89030c4a1c78ff197092b529f8710a701bc70fc02a3de9bd375e6d336dad6ed1
SHA512 c338473f5ee75faaf8b210958d38daa6265468b3f65af80179aab99f620d4f111fc397c1f4a893134d0a4b99f62ae86246101879b44a52f4051c9ef1a0dcb91e

C:\Program Files (x86)\zffeihhlmhwzpjihdzrxxwa.zde

MD5 0ee4af88f3c036e3b76bfc83f8f7fd1f
SHA1 e789703df384220cae6bab7684c304ebb2e1a747
SHA256 e4948840ebcacaf4b6045d14c59a7ae5fcbc70abe183f30045471c46841d16f2
SHA512 6ff8625d80a577e2a5e89ecb329131846ac2ba3ccbd08276c0b1dabd451a13521a01f1bf8bb938152f9144c76771ad0f66b5aa6e4d88bb183f4c679e4a50e189

C:\Program Files (x86)\zffeihhlmhwzpjihdzrxxwa.zde

MD5 36392fbe08c320940b4a4aeaed19e3e4
SHA1 3730f90dbf8abb4ae2a5937a5d454a4b91c7d1ac
SHA256 2d0cca52b2ada05139e3f5eb60b0b78f72d6e61badaaf8a2e269bc146e249ad9
SHA512 ae7a98cb22bc4f9b9f5f259a40d8fb41b48c7f71cebbb1c1c115130309bd166cf4a335b09e995761f5dd4bc41ab5a1a688f2a364037ce368250010482d26f34f

C:\Program Files (x86)\zffeihhlmhwzpjihdzrxxwa.zde

MD5 b33e4009b719dd61c556b158d8ef1598
SHA1 5f849e561fc50286612272bd4408b6c1353fdfc6
SHA256 f99d6bfd04b5580c3ad7a957c7d8feeaa11c8070ad40f042f011e954eb07a768
SHA512 074742bdd935f85be7b0a965be3bc632a9d94dd1bed3d54bb03caf9c25bacbc9c70285039e264512a4603986459a5b31c27194f44b75b23fd4ee46380a3124f5