Malware Analysis Report

2025-08-10 16:35

Sample ID 250418-hvv2gsyj12
Target JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4
SHA256 36f7aefe30f8fdda2c6a568efa39ed27bd09956fc7123a034285cf8e5f0d91a7
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

36f7aefe30f8fdda2c6a568efa39ed27bd09956fc7123a034285cf8e5f0d91a7

Threat Level: Known bad

The file JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

UAC bypass

Pykspa

Modifies WinLogon for persistence

Pykspa family

Detect Pykspa worm

Adds policy Run key to start application

Disables RegEdit via registry modification

Executes dropped EXE

Checks computer location settings

Impair Defenses: Safe Mode Boot

Hijack Execution Flow: Executable Installer File Permissions Weakness

Looks up external IP address via web service

Checks whether UAC is enabled

Adds Run key to start application

Drops file in System32 directory

Drops autorun.inf file

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

System policy modification

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-18 07:03

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-18 07:03

Reported

2025-04-18 07:06

Platform

win11-20250410-en

Max time kernel

53s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "odzkixqiadxepfvivi.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "mdboofauotpyldvkzofd.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "ftoyvjbsjlekujykw.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odzkixqiadxepfvivi.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpmyxnhatxsamduiwka.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btsghzvqlroymfyoeumlz.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "odzkixqiadxepfvivi.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "odzkixqiadxepfvivi.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "btsghzvqlroymfyoeumlz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "ftoyvjbsjlekujykw.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odzkixqiadxepfvivi.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "mdboofauotpyldvkzofd.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftoyvjbsjlekujykw.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btsghzvqlroymfyoeumlz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btsghzvqlroymfyoeumlz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "btsghzvqlroymfyoeumlz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odzkixqiadxepfvivi.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "odzkixqiadxepfvivi.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odzkixqiadxepfvivi.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpmyxnhatxsamduiwka.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odzkixqiadxepfvivi.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftoyvjbsjlekujykw.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "zpmyxnhatxsamduiwka.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpmyxnhatxsamduiwka.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "ftoyvjbsjlekujykw.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odzkixqiadxepfvivi.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftoyvjbsjlekujykw.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "zpmyxnhatxsamduiwka.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "mdboofauotpyldvkzofd.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "mdboofauotpyldvkzofd.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odzkixqiadxepfvivi.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "zpmyxnhatxsamduiwka.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btsghzvqlroymfyoeumlz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "mdboofauotpyldvkzofd.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpmyxnhatxsamduiwka.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odzkixqiadxepfvivi.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\mdboofauotpyldvkzofd.exe N/A
N/A N/A C:\Windows\zpmyxnhatxsamduiwka.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\zpmyxnhatxsamduiwka.exe N/A
N/A N/A C:\Windows\btsghzvqlroymfyoeumlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
N/A N/A C:\Windows\odzkixqiadxepfvivi.exe N/A
N/A N/A C:\Windows\btsghzvqlroymfyoeumlz.exe N/A
N/A N/A C:\Windows\ftoyvjbsjlekujykw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\ylfokxoeuvnsbpdo.exe N/A
N/A N/A C:\Windows\btsghzvqlroymfyoeumlz.exe N/A
N/A N/A C:\Windows\mdboofauotpyldvkzofd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe N/A
N/A N/A C:\Windows\mdboofauotpyldvkzofd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe N/A
N/A N/A C:\Windows\mdboofauotpyldvkzofd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\odzkixqiadxepfvivi.exe N/A
N/A N/A C:\Windows\ylfokxoeuvnsbpdo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\ftoyvjbsjlekujykw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\odzkixqiadxepfvivi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\ylfokxoeuvnsbpdo.exe N/A
N/A N/A C:\Windows\zpmyxnhatxsamduiwka.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Windows\odzkixqiadxepfvivi.exe N/A
N/A N/A C:\Windows\ftoyvjbsjlekujykw.exe N/A
N/A N/A C:\Windows\zpmyxnhatxsamduiwka.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe N/A
N/A N/A C:\Windows\btsghzvqlroymfyoeumlz.exe N/A
N/A N/A C:\Windows\odzkixqiadxepfvivi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "mdboofauotpyldvkzofd.exe ." C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "btsghzvqlroymfyoeumlz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "btsghzvqlroymfyoeumlz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\stby = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpmyxnhatxsamduiwka.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yftwmteoyt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\zdoobfn = "ftoyvjbsjlekujykw.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\stby = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yftwmteoyt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\flyapvfox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yftwmteoyt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftoyvjbsjlekujykw.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "mdboofauotpyldvkzofd.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\stby = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpmyxnhatxsamduiwka.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "zpmyxnhatxsamduiwka.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\zdoobfn = "zpmyxnhatxsamduiwka.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\flyapvfox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "mdboofauotpyldvkzofd.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\flyapvfox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odzkixqiadxepfvivi.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yftwmteoyt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpmyxnhatxsamduiwka.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "ftoyvjbsjlekujykw.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\zdoobfn = "btsghzvqlroymfyoeumlz.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\zdoobfn = "ftoyvjbsjlekujykw.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "odzkixqiadxepfvivi.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\stby = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btsghzvqlroymfyoeumlz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "ylfokxoeuvnsbpdo.exe ." C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\flyapvfox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "ftoyvjbsjlekujykw.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\flyapvfox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "zpmyxnhatxsamduiwka.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yftwmteoyt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\zdoobfn = "zpmyxnhatxsamduiwka.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yftwmteoyt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpmyxnhatxsamduiwka.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yftwmteoyt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yftwmteoyt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btsghzvqlroymfyoeumlz.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "btsghzvqlroymfyoeumlz.exe ." C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "odzkixqiadxepfvivi.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\zdoobfn = "ftoyvjbsjlekujykw.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\flyapvfox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odzkixqiadxepfvivi.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\stby = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftoyvjbsjlekujykw.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "ylfokxoeuvnsbpdo.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "mdboofauotpyldvkzofd.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "btsghzvqlroymfyoeumlz.exe ." C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\stby = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "btsghzvqlroymfyoeumlz.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "btsghzvqlroymfyoeumlz.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "odzkixqiadxepfvivi.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\stby = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "ylfokxoeuvnsbpdo.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\stby = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftoyvjbsjlekujykw.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "btsghzvqlroymfyoeumlz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "zpmyxnhatxsamduiwka.exe ." C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "odzkixqiadxepfvivi.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\zdoobfn = "ylfokxoeuvnsbpdo.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\stby = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftoyvjbsjlekujykw.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\zdoobfn = "ftoyvjbsjlekujykw.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "odzkixqiadxepfvivi.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "zpmyxnhatxsamduiwka.exe ." C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yftwmteoyt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btsghzvqlroymfyoeumlz.exe" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyip.everdot.org N/A N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File created F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File created C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ylfokxoeuvnsbpdo.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\SysWOW64\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ylfokxoeuvnsbpdo.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ylfokxoeuvnsbpdo.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ylfokxoeuvnsbpdo.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\SysWOW64\ylfokxoeuvnsbpdo.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ylfokxoeuvnsbpdo.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\SysWOW64\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\SysWOW64\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ylfokxoeuvnsbpdo.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\SysWOW64\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\SysWOW64\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\SysWOW64\qbtaufuiwvlovhtclufxeyjymazpszlxgpyj.icn C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File created C:\Windows\SysWOW64\qbtaufuiwvlovhtclufxeyjymazpszlxgpyj.icn C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\SysWOW64\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\SysWOW64\ylfokxoeuvnsbpdo.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\llsoxxbehvasopqomkkrnwwad.uzr C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File created C:\Program Files (x86)\llsoxxbehvasopqomkkrnwwad.uzr C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Program Files (x86)\qbtaufuiwvlovhtclufxeyjymazpszlxgpyj.icn C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File created C:\Program Files (x86)\qbtaufuiwvlovhtclufxeyjymazpszlxgpyj.icn C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ylfokxoeuvnsbpdo.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\llsoxxbehvasopqomkkrnwwad.uzr C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ylfokxoeuvnsbpdo.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ylfokxoeuvnsbpdo.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ylfokxoeuvnsbpdo.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ylfokxoeuvnsbpdo.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ylfokxoeuvnsbpdo.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\mdboofauotpyldvkzofd.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File created C:\Windows\llsoxxbehvasopqomkkrnwwad.uzr C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ylfokxoeuvnsbpdo.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
File opened for modification C:\Windows\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
File opened for modification C:\Windows\sllacvsokrpapjdulcvvkm.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ftoyvjbsjlekujykw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mdboofauotpyldvkzofd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\odzkixqiadxepfvivi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ylfokxoeuvnsbpdo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ylfokxoeuvnsbpdo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\btsghzvqlroymfyoeumlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\odzkixqiadxepfvivi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zpmyxnhatxsamduiwka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\odzkixqiadxepfvivi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\odzkixqiadxepfvivi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ftoyvjbsjlekujykw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ftoyvjbsjlekujykw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zpmyxnhatxsamduiwka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mdboofauotpyldvkzofd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\odzkixqiadxepfvivi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ftoyvjbsjlekujykw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ftoyvjbsjlekujykw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\btsghzvqlroymfyoeumlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\odzkixqiadxepfvivi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ylfokxoeuvnsbpdo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\odzkixqiadxepfvivi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mdboofauotpyldvkzofd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mdboofauotpyldvkzofd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mdboofauotpyldvkzofd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\btsghzvqlroymfyoeumlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ftoyvjbsjlekujykw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ftoyvjbsjlekujykw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ylfokxoeuvnsbpdo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\btsghzvqlroymfyoeumlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\btsghzvqlroymfyoeumlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\btsghzvqlroymfyoeumlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zpmyxnhatxsamduiwka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ylfokxoeuvnsbpdo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ylfokxoeuvnsbpdo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zpmyxnhatxsamduiwka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ylfokxoeuvnsbpdo.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5792 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 5792 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 5792 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 5964 wrote to memory of 5536 N/A C:\Windows\system32\cmd.exe C:\Windows\mdboofauotpyldvkzofd.exe
PID 5964 wrote to memory of 5536 N/A C:\Windows\system32\cmd.exe C:\Windows\mdboofauotpyldvkzofd.exe
PID 5964 wrote to memory of 5536 N/A C:\Windows\system32\cmd.exe C:\Windows\mdboofauotpyldvkzofd.exe
PID 4880 wrote to memory of 4788 N/A C:\Windows\system32\cmd.exe C:\Windows\zpmyxnhatxsamduiwka.exe
PID 4880 wrote to memory of 4788 N/A C:\Windows\system32\cmd.exe C:\Windows\zpmyxnhatxsamduiwka.exe
PID 4880 wrote to memory of 4788 N/A C:\Windows\system32\cmd.exe C:\Windows\zpmyxnhatxsamduiwka.exe
PID 4788 wrote to memory of 5080 N/A C:\Windows\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 4788 wrote to memory of 5080 N/A C:\Windows\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 4788 wrote to memory of 5080 N/A C:\Windows\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 5056 wrote to memory of 5144 N/A C:\Windows\system32\cmd.exe C:\Windows\zpmyxnhatxsamduiwka.exe
PID 5056 wrote to memory of 5144 N/A C:\Windows\system32\cmd.exe C:\Windows\zpmyxnhatxsamduiwka.exe
PID 5056 wrote to memory of 5144 N/A C:\Windows\system32\cmd.exe C:\Windows\zpmyxnhatxsamduiwka.exe
PID 5648 wrote to memory of 1448 N/A C:\Windows\system32\cmd.exe C:\Windows\btsghzvqlroymfyoeumlz.exe
PID 5648 wrote to memory of 1448 N/A C:\Windows\system32\cmd.exe C:\Windows\btsghzvqlroymfyoeumlz.exe
PID 5648 wrote to memory of 1448 N/A C:\Windows\system32\cmd.exe C:\Windows\btsghzvqlroymfyoeumlz.exe
PID 1448 wrote to memory of 2284 N/A C:\Windows\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 1448 wrote to memory of 2284 N/A C:\Windows\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 1448 wrote to memory of 2284 N/A C:\Windows\btsghzvqlroymfyoeumlz.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 6064 wrote to memory of 2316 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
PID 6064 wrote to memory of 2316 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
PID 6064 wrote to memory of 2316 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
PID 2036 wrote to memory of 5336 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
PID 2036 wrote to memory of 5336 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
PID 2036 wrote to memory of 5336 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
PID 5336 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 5336 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 5336 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 2056 wrote to memory of 2976 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
PID 2056 wrote to memory of 2976 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
PID 2056 wrote to memory of 2976 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
PID 2464 wrote to memory of 3288 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
PID 2464 wrote to memory of 3288 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
PID 2464 wrote to memory of 3288 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
PID 3288 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 3288 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 3288 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 1684 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe
PID 1684 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe
PID 1684 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe
PID 1684 wrote to memory of 5920 N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe
PID 1684 wrote to memory of 5920 N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe
PID 1684 wrote to memory of 5920 N/A C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe C:\Users\Admin\AppData\Local\Temp\bdmkv.exe
PID 232 wrote to memory of 2792 N/A C:\Windows\system32\cmd.exe C:\Windows\odzkixqiadxepfvivi.exe
PID 232 wrote to memory of 2792 N/A C:\Windows\system32\cmd.exe C:\Windows\odzkixqiadxepfvivi.exe
PID 232 wrote to memory of 2792 N/A C:\Windows\system32\cmd.exe C:\Windows\odzkixqiadxepfvivi.exe
PID 2260 wrote to memory of 5960 N/A C:\Windows\system32\cmd.exe C:\Windows\btsghzvqlroymfyoeumlz.exe
PID 2260 wrote to memory of 5960 N/A C:\Windows\system32\cmd.exe C:\Windows\btsghzvqlroymfyoeumlz.exe
PID 2260 wrote to memory of 5960 N/A C:\Windows\system32\cmd.exe C:\Windows\btsghzvqlroymfyoeumlz.exe
PID 2684 wrote to memory of 5764 N/A C:\Windows\system32\cmd.exe C:\Windows\ftoyvjbsjlekujykw.exe
PID 2684 wrote to memory of 5764 N/A C:\Windows\system32\cmd.exe C:\Windows\ftoyvjbsjlekujykw.exe
PID 2684 wrote to memory of 5764 N/A C:\Windows\system32\cmd.exe C:\Windows\ftoyvjbsjlekujykw.exe
PID 5764 wrote to memory of 648 N/A C:\Windows\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 5764 wrote to memory of 648 N/A C:\Windows\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 5764 wrote to memory of 648 N/A C:\Windows\ftoyvjbsjlekujykw.exe C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
PID 544 wrote to memory of 1992 N/A C:\Windows\system32\cmd.exe C:\Windows\ylfokxoeuvnsbpdo.exe
PID 544 wrote to memory of 1992 N/A C:\Windows\system32\cmd.exe C:\Windows\ylfokxoeuvnsbpdo.exe
PID 544 wrote to memory of 1992 N/A C:\Windows\system32\cmd.exe C:\Windows\ylfokxoeuvnsbpdo.exe
PID 5984 wrote to memory of 5804 N/A C:\Windows\system32\cmd.exe C:\Windows\btsghzvqlroymfyoeumlz.exe
PID 5984 wrote to memory of 5804 N/A C:\Windows\system32\cmd.exe C:\Windows\btsghzvqlroymfyoeumlz.exe
PID 5984 wrote to memory of 5804 N/A C:\Windows\system32\cmd.exe C:\Windows\btsghzvqlroymfyoeumlz.exe
PID 1708 wrote to memory of 2968 N/A C:\Windows\system32\cmd.exe C:\Windows\mdboofauotpyldvkzofd.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\bdmkv.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe"

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."

C:\Users\Admin\AppData\Local\Temp\bdmkv.exe

"C:\Users\Admin\AppData\Local\Temp\bdmkv.exe" "-C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe"

C:\Users\Admin\AppData\Local\Temp\bdmkv.exe

"C:\Users\Admin\AppData\Local\Temp\bdmkv.exe" "-C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe .

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe

C:\Windows\ylfokxoeuvnsbpdo.exe

ylfokxoeuvnsbpdo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .

C:\Windows\mdboofauotpyldvkzofd.exe

mdboofauotpyldvkzofd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mavticomyqvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe

C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .

C:\Windows\mavticomyqvpwhxnan.exe

mavticomyqvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dqkhvozwhycvblapb.exe .

C:\Windows\dqkhvozwhycvblapb.exe

dqkhvozwhycvblapb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xmihxsferkqltfwnbpb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mavticomyqvpwhxnan.exe .

C:\Windows\xmihxsferkqltfwnbpb.exe

xmihxsferkqltfwnbpb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\dqkhvozwhycvblapb.exe*."

C:\Windows\mavticomyqvpwhxnan.exe

mavticomyqvpwhxnan.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xmihxsferkqltfwnbpb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wibxkcmisildirft.exe .

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mavticomyqvpwhxnan.exe*."

C:\Users\Admin\AppData\Local\Temp\xmihxsferkqltfwnbpb.exe

C:\Users\Admin\AppData\Local\Temp\xmihxsferkqltfwnbpb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\wibxkcmisildirft.exe

C:\Users\Admin\AppData\Local\Temp\wibxkcmisildirft.exe .

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\wibxkcmisildirft.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mavticomyqvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."

C:\Windows\ftoyvjbsjlekujykw.exe

ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\mavticomyqvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\mavticomyqvpwhxnan.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mavticomyqvpwhxnan.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mavticomyqvpwhxnan.exe

C:\Users\Admin\AppData\Local\Temp\mavticomyqvpwhxnan.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mavticomyqvpwhxnan.exe*."

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."

C:\Users\Admin\AppData\Local\Temp\xakxbkl.exe

"C:\Users\Admin\AppData\Local\Temp\xakxbkl.exe" "-C:\Users\Admin\AppData\Local\Temp\wibxkcmisildirft.exe"

C:\Users\Admin\AppData\Local\Temp\xakxbkl.exe

"C:\Users\Admin\AppData\Local\Temp\xakxbkl.exe" "-C:\Users\Admin\AppData\Local\Temp\wibxkcmisildirft.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .

C:\Windows\odzkixqiadxepfvivi.exe

odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe

C:\Windows\zpmyxnhatxsamduiwka.exe

zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .

C:\Windows\btsghzvqlroymfyoeumlz.exe

btsghzvqlroymfyoeumlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe

C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe

C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kaxxokyymgnjsfxpetgw.exe

C:\Windows\kaxxokyymgnjsfxpetgw.exe

kaxxokyymgnjsfxpetgw.exe

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."

C:\Users\Admin\AppData\Local\Temp\xakxbkl.exe

"C:\Users\Admin\AppData\Local\Temp\xakxbkl.exe" "-C:\Users\Admin\AppData\Local\Temp\wibxkcmisildirft.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dqkhvozwhycvblapb.exe .

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
FR 52.222.159.143:80 www.imdb.com tcp
GB 77.97.178.13:26660 tcp
DE 85.214.228.140:80 gyuuym.org tcp
SG 18.142.91.111:80 unxfuild.info tcp
US 104.156.155.94:80 cydlrge.info tcp
GB 77.97.178.13:26660 tcp
US 8.8.8.8:53 ghqecof.net udp
US 8.8.8.8:53 fwjnhgj.org udp
US 8.8.8.8:53 lwnfhv.info udp
US 8.8.8.8:53 hggkhe.info udp
US 8.8.8.8:53 nlfhemwoyltl.net udp
US 8.8.8.8:53 zbpylasyr.com udp
US 8.8.8.8:53 whlulmi.info udp
US 8.8.8.8:53 srdipsinfgfu.info udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 bzrfqkesaviu.net udp
US 8.8.8.8:53 flhdrjs.net udp
US 8.8.8.8:53 pqzlqirz.net udp
US 8.8.8.8:53 srdvudhs.net udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 fjfseh.net udp
US 8.8.8.8:53 zmrepgnoibe.info udp
US 8.8.8.8:53 easqikv.info udp
US 8.8.8.8:53 kiursdmc.net udp
US 8.8.8.8:53 iksgmw.com udp
US 8.8.8.8:53 lgmqzezefhc.info udp
US 8.8.8.8:53 snvbubj.info udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 syfylgo.net udp
US 8.8.8.8:53 jmhefjn.info udp
US 8.8.8.8:53 ashwsez.info udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 yipsoauimwp.info udp
US 8.8.8.8:53 rcwjsgjarm.info udp
US 8.8.8.8:53 dqdylmbtdmds.info udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 xrjshdpogxk.net udp
US 8.8.8.8:53 pwsgxhuhlqtd.net udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 smwkws.org udp
US 8.8.8.8:53 syzxnoht.net udp
US 8.8.8.8:53 yvteivhyhx.net udp
US 8.8.8.8:53 uokwkaua.com udp
US 8.8.8.8:53 yuqguewosq.org udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 xqpmcubia.net udp
US 8.8.8.8:53 okyymiciyo.org udp
US 8.8.8.8:53 lhfaigrgz.info udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 qyffooarp.info udp
US 8.8.8.8:53 bidenmp.org udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 wkvqgpfvda.net udp
US 8.8.8.8:53 uzxilzref.net udp
US 8.8.8.8:53 mtjmoum.net udp
US 8.8.8.8:53 joulxid.com udp
US 8.8.8.8:53 vehuxguwz.info udp
US 8.8.8.8:53 pweetvxafcx.info udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 swoxvejwb.net udp
US 8.8.8.8:53 jgnqbghax.org udp
US 8.8.8.8:53 wvorjtbjbt.net udp
US 8.8.8.8:53 lcqcmyuhvmq.net udp
US 8.8.8.8:53 wkboqmlkagn.info udp
US 8.8.8.8:53 lwkwhoowx.net udp
US 8.8.8.8:53 hqqotujbjqz.info udp
US 8.8.8.8:53 qzvoloa.info udp
US 8.8.8.8:53 znlgvyj.info udp
US 8.8.8.8:53 njsgbi.net udp
US 8.8.8.8:53 eaeyjeuwpxp.info udp
US 8.8.8.8:53 zchklmfhd.info udp
US 8.8.8.8:53 ncuckg.info udp
US 8.8.8.8:53 dexkzyppdjdx.info udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 jnieqvmh.net udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 xofxrc.net udp
US 8.8.8.8:53 wytsbmvhy.net udp
US 8.8.8.8:53 hwtdln.info udp
US 8.8.8.8:53 fixijml.org udp
US 8.8.8.8:53 dcxxwiokgmp.net udp
US 8.8.8.8:53 dinwvxrwc.org udp
US 8.8.8.8:53 bvrlxiawb.net udp

Files

C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe

MD5 f05247bae2f7e2befdebd7d8382063dc
SHA1 e9ddb54fe5f9e6c118cbb805fedaeb279c275f54
SHA256 f0f87759bf34ead91d50f10084c3c923038f63664b5addc0ef2d537064ce200f
SHA512 acf4c6fa42b5843d0f41a0e64a78d26fffb7170051179a20cd0c6b38a6227d42f24abd2ddd5b1915c0d45d9d3c9fd4db5b21cf4c32b3219903fc6d323f5e0b51

C:\Windows\SysWOW64\odzkixqiadxepfvivi.exe

MD5 bd0b66050d49b213e682c9f3dbddd4f4
SHA1 3e6dc7c446dc88cd3b9aa237c8d4836bff134a18
SHA256 36f7aefe30f8fdda2c6a568efa39ed27bd09956fc7123a034285cf8e5f0d91a7
SHA512 7d0b3e9d573564d7d937b9ec83f21682a692c5ddb3797b155866b7620ecfebd6d2e444ab6d5a3f17b0d15a2db6af11f84aedfc93671c68d239cd2236c3b75ffa

C:\Users\Admin\AppData\Local\Temp\bdmkv.exe

MD5 26b6b6241a89e767f3ec1a5b7dc53c0c
SHA1 8c0aa7286ee9bd03ca57d4738a2a0f3532dfac78
SHA256 512ed7fa66a3fc5b6835e9d06116d47455723d9710cdd4a1689a8a426630c247
SHA512 90a15bf41aea1d4ed920f6b204930bb9d3cc16e437270a32c42f1abe940ef747d5178703724c46e20c125d7bc1ba2e35934c73b61004e0eec4079f46f965626f

C:\Users\Admin\AppData\Local\llsoxxbehvasopqomkkrnwwad.uzr

MD5 55e890492ab332696ccbb371a5cc9f11
SHA1 6e0c7bb57ec997a441e9955edb33a934da43b4eb
SHA256 b64f01af5d4c445e8ce049a098838cfadf87efecd596bd070d21d193a4a42e2c
SHA512 49239990a55cfa8de2d81d537cb30108584c5df3645950a049ca6aed332a27c716ca0062ebf7e348b4d0e8e361ddcb7458d2972d9818f294ebc7d8f62508e4d6

C:\Users\Admin\AppData\Local\qbtaufuiwvlovhtclufxeyjymazpszlxgpyj.icn

MD5 d49a1dfe4144826cc7cfa8bf684ca76b
SHA1 a9b83f92e5174d11f481ae0410d35630a9b942ff
SHA256 48f639d73e37e291bcb50cd55f4179dd1da693b5e244033d3050bbcdc4bb14d5
SHA512 fd37d6b40e4a391bed5e8edfaea5d7f91aec8e872bcb03a0c71ab10f6f1b47a5a1486c966bc7c6f534ad9abae67eac7c83f6e3fa2f93b5a99ce26abc61e418b0

C:\Program Files (x86)\llsoxxbehvasopqomkkrnwwad.uzr

MD5 5538f6bdc08b44cf3f7272d016ba8384
SHA1 f5e73994a8c03dc1ba51fd58d411772a84fe3b86
SHA256 45920b74b3a8252e0cd24f6e5b078d4ee67e27d10e21c5c17faf5be2b57a27bd
SHA512 86cc6793533b2c6d4cc1a05a058eeaf98f6e73beb6c6c7263709630e7547c871f443a15321002d2d343a16bbbfa2acd32bbc9f551847891c3531c32ba71ae1c0

C:\Program Files (x86)\llsoxxbehvasopqomkkrnwwad.uzr

MD5 b64b48960b2a7440e915fd482552768a
SHA1 ede3542d60622cf4bdf50b4baf31937155c7e911
SHA256 e0241377f12979e4260f1293060d9a130e76272fe03c3dcf5beed1263c909b8a
SHA512 da6430cd70d2c6192d6fa670ed3bd7b25652c8c1caed19e4258f3925256ea8aa63888b308e8b5fb8aec7a02d515db7132cd27407243ea07df4b245125edfaa90

C:\Program Files (x86)\llsoxxbehvasopqomkkrnwwad.uzr

MD5 6ce56e32e7e82f732c963b7573ab0948
SHA1 2bcc6b2c30d88d370db9f5d5b881da1d19278a58
SHA256 688bdb4bd634eb62a981ed45cca9df4fcf40b59fd0fa1155732c883c7c69588b
SHA512 4866ed85293bbceb1dda1a915c59b6fd82c048f1bb4a40277f4728fed82a3b22ffa57ace1d1080a8a9c60881b9952a27bda14763845e3f8d956a4c93a8f6d384

C:\Program Files (x86)\llsoxxbehvasopqomkkrnwwad.uzr

MD5 961e20c0afe4e8fc7592ad3bcbcd8603
SHA1 fcdeb5c06bc3f21239568eca71c9b8f83d171394
SHA256 5de52411c43416f99d86220324ccff2efc5e2f33c9cf68d128bf422c4703fcf7
SHA512 f4fd51bd0845ae9aa73f12a7403ca9c53f51aa2eb5c3e7ea301befff956d212b76aedc7a762e8c6815fd1ac3b65385c0088421681f6623fec9947a5410f32335

C:\Program Files (x86)\llsoxxbehvasopqomkkrnwwad.uzr

MD5 e010762f703df24fd612bea538b06c9b
SHA1 add8886e095bec92adff8a5d4ed6b1c507d83c45
SHA256 67842116bcbe701c6368a7746b3e6d2866f2fadc32bf1493ee69d07a7f47292f
SHA512 797cd3c4ecf18cd5bc85cb1bf1b9388967754098d3ac893bb980fa26149c04f26856b713eca155ee4846940cf1c94264627bc1e14da97e665012f5c101a005ce

C:\Program Files (x86)\llsoxxbehvasopqomkkrnwwad.uzr

MD5 29f1f6e3868734ffbd9babbd02be8b13
SHA1 b179f4c219efa64c7312df7efd1f429601d7e17f
SHA256 92f85e00b7bcd17c365cea4d59db53f6e0b50004a4ba2588b18f24338a4c2d7c
SHA512 1600adec41a727211e2a166b6d0eed961890fa257511c565f7cfa33113ab9a88cfc1f2fa8411e21029a75d07e65efd529e186ad3a0908c6c5df4eaa59de03284

C:\Program Files (x86)\llsoxxbehvasopqomkkrnwwad.uzr

MD5 20789a45f97cd972405be04ccf4695a2
SHA1 cdfcb5b5419a161af265813a0df1506240dd85be
SHA256 6bcac48f5ad06877459ecadc2b997cd7b3665c11c12b361a7054a692f4bdb1d5
SHA512 f71aa339ecf4bdfdf6e20fb41e2639365a1c0be556deb2742b94ac55b100d3c4780ff40fb9d8c8c3a42980f4c121b2a03bb7e3db82ec47d017d1b06f518ae600

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-18 07:03

Reported

2025-04-18 07:06

Platform

win10v2004-20250410-en

Max time kernel

39s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "rduscxoecruqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "rduscxoecruqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etnobztmnflkcetyjoshb.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "blawexmawjkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "itjgpjzolzbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etnobztmnflkcetyjoshb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "itjgpjzolzbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "blawexmawjkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "pdwwifyqqhmkbcqueilz.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "pdwwifyqqhmkbcqueilz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "blawexmawjkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "cphgrnfwvlpmccpsbeg.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "cphgrnfwvlpmccpsbeg.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itjgpjzolzbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "pdwwifyqqhmkbcqueilz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blawexmawjkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "pdwwifyqqhmkbcqueilz.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "etnobztmnflkcetyjoshb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "etnobztmnflkcetyjoshb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "rduscxoecruqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itjgpjzolzbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "blawexmawjkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "itjgpjzolzbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "etnobztmnflkcetyjoshb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blawexmawjkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itjgpjzolzbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itjgpjzolzbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "etnobztmnflkcetyjoshb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\blawexmawjkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\itjgpjzolzbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\etnobztmnflkcetyjoshb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\rduscxoecruqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\itjgpjzolzbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\etnobztmnflkcetyjoshb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\blawexmawjkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\itjgpjzolzbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\itjgpjzolzbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\pdwwifyqqhmkbcqueilz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\itjgpjzolzbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\pdwwifyqqhmkbcqueilz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\etnobztmnflkcetyjoshb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\rduscxoecruqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\rduscxoecruqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\etnobztmnflkcetyjoshb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\rduscxoecruqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\itjgpjzolzbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\blawexmawjkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\pdwwifyqqhmkbcqueilz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\itjgpjzolzbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\rduscxoecruqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\pdwwifyqqhmkbcqueilz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\rduscxoecruqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\rduscxoecruqfeqsac.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\rduscxoecruqfeqsac.exe N/A
N/A N/A C:\Windows\blawexmawjkeroyy.exe N/A
N/A N/A C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A
N/A N/A C:\Windows\itjgpjzolzbwkitub.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
N/A N/A C:\Windows\rduscxoecruqfeqsac.exe N/A
N/A N/A C:\Windows\blawexmawjkeroyy.exe N/A
N/A N/A C:\Windows\blawexmawjkeroyy.exe N/A
N/A N/A C:\Windows\itjgpjzolzbwkitub.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
N/A N/A C:\Windows\blawexmawjkeroyy.exe N/A
N/A N/A C:\Windows\rduscxoecruqfeqsac.exe N/A
N/A N/A C:\Windows\etnobztmnflkcetyjoshb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\rduscxoecruqfeqsac.exe N/A
N/A N/A C:\Windows\rduscxoecruqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\rduscxoecruqfeqsac.exe N/A
N/A N/A C:\Windows\blawexmawjkeroyy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\rduscxoecruqfeqsac.exe N/A
N/A N/A C:\Windows\blawexmawjkeroyy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A
N/A N/A C:\Windows\rduscxoecruqfeqsac.exe N/A
N/A N/A C:\Windows\rduscxoecruqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\pdwwifyqqhmkbcqueilz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
N/A N/A C:\Windows\itjgpjzolzbwkitub.exe N/A
N/A N/A C:\Windows\etnobztmnflkcetyjoshb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blawexmawjkeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzkcgvgqiroe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bfoegtckah = "itjgpjzolzbwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bfoegtckah = "pdwwifyqqhmkbcqueilz.exe ." C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "rduscxoecruqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ppugen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etnobztmnflkcetyjoshb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ppugen = "pdwwifyqqhmkbcqueilz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ppugen = "blawexmawjkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ppugen = "etnobztmnflkcetyjoshb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzkcgvgqiroe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "blawexmawjkeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "rduscxoecruqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ppugen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ppugen = "pdwwifyqqhmkbcqueilz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "itjgpjzolzbwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "itjgpjzolzbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzkcgvgqiroe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "blawexmawjkeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ppugen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "etnobztmnflkcetyjoshb.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "rduscxoecruqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "etnobztmnflkcetyjoshb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bfoegtckah = "rduscxoecruqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ppugen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzkcgvgqiroe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ppugen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etnobztmnflkcetyjoshb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "cphgrnfwvlpmccpsbeg.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ppugen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ppugen = "rduscxoecruqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bfoegtckah = "cphgrnfwvlpmccpsbeg.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "blawexmawjkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blawexmawjkeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bfoegtckah = "itjgpjzolzbwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itjgpjzolzbwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itjgpjzolzbwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ppugen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itjgpjzolzbwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blawexmawjkeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "etnobztmnflkcetyjoshb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itjgpjzolzbwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe ." C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "rduscxoecruqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bfoegtckah = "rduscxoecruqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzkcgvgqiroe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "itjgpjzolzbwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "rduscxoecruqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bfoegtckah = "etnobztmnflkcetyjoshb.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe ." C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ppugen = "itjgpjzolzbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "blawexmawjkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ppugen = "cphgrnfwvlpmccpsbeg.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bfoegtckah = "rduscxoecruqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blawexmawjkeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etnobztmnflkcetyjoshb.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etnobztmnflkcetyjoshb.exe ." C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\cphgrnfwvlpmccpsbeg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Windows\SysWOW64\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\cphgrnfwvlpmccpsbeg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File created C:\Windows\SysWOW64\tzkcgvgqiroengmikgbhskodoyqzwmvouq.ojp C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Windows\SysWOW64\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\cphgrnfwvlpmccpsbeg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\cphgrnfwvlpmccpsbeg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Windows\SysWOW64\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Windows\SysWOW64\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Windows\SysWOW64\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Windows\SysWOW64\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Windows\SysWOW64\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\gbbibffeljvaygbmdoyttat.xwd C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Windows\SysWOW64\cphgrnfwvlpmccpsbeg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Windows\SysWOW64\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\gbbibffeljvaygbmdoyttat.xwd C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File created C:\Program Files (x86)\gbbibffeljvaygbmdoyttat.xwd C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Program Files (x86)\tzkcgvgqiroengmikgbhskodoyqzwmvouq.ojp C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File created C:\Program Files (x86)\tzkcgvgqiroengmikgbhskodoyqzwmvouq.ojp C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\cphgrnfwvlpmccpsbeg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\cphgrnfwvlpmccpsbeg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Windows\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\cphgrnfwvlpmccpsbeg.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Windows\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\cphgrnfwvlpmccpsbeg.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Windows\cphgrnfwvlpmccpsbeg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Windows\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Windows\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vlgiwvqkmfmmfiyeqwbrmo.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
File opened for modification C:\Windows\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\cphgrnfwvlpmccpsbeg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rduscxoecruqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\cphgrnfwvlpmccpsbeg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\cphgrnfwvlpmccpsbeg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etnobztmnflkcetyjoshb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\itjgpjzolzbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\itjgpjzolzbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etnobztmnflkcetyjoshb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\itjgpjzolzbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rduscxoecruqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etnobztmnflkcetyjoshb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rduscxoecruqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\blawexmawjkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rduscxoecruqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rduscxoecruqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etnobztmnflkcetyjoshb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etnobztmnflkcetyjoshb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\blawexmawjkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rduscxoecruqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\itjgpjzolzbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etnobztmnflkcetyjoshb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rduscxoecruqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\blawexmawjkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\itjgpjzolzbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\itjgpjzolzbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etnobztmnflkcetyjoshb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\itjgpjzolzbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rduscxoecruqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pdwwifyqqhmkbcqueilz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pdwwifyqqhmkbcqueilz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\itjgpjzolzbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cphgrnfwvlpmccpsbeg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5352 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5352 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5352 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4536 wrote to memory of 4580 N/A C:\Windows\system32\cmd.exe C:\Windows\rduscxoecruqfeqsac.exe
PID 4536 wrote to memory of 4580 N/A C:\Windows\system32\cmd.exe C:\Windows\rduscxoecruqfeqsac.exe
PID 4536 wrote to memory of 4580 N/A C:\Windows\system32\cmd.exe C:\Windows\rduscxoecruqfeqsac.exe
PID 4784 wrote to memory of 4912 N/A C:\Windows\system32\cmd.exe C:\Windows\blawexmawjkeroyy.exe
PID 4784 wrote to memory of 4912 N/A C:\Windows\system32\cmd.exe C:\Windows\blawexmawjkeroyy.exe
PID 4784 wrote to memory of 4912 N/A C:\Windows\system32\cmd.exe C:\Windows\blawexmawjkeroyy.exe
PID 4720 wrote to memory of 3008 N/A C:\Windows\system32\cmd.exe C:\Windows\itjgpjzolzbwkitub.exe
PID 4720 wrote to memory of 3008 N/A C:\Windows\system32\cmd.exe C:\Windows\itjgpjzolzbwkitub.exe
PID 4720 wrote to memory of 3008 N/A C:\Windows\system32\cmd.exe C:\Windows\itjgpjzolzbwkitub.exe
PID 3316 wrote to memory of 4836 N/A C:\Windows\system32\cmd.exe C:\Windows\cphgrnfwvlpmccpsbeg.exe
PID 3316 wrote to memory of 4836 N/A C:\Windows\system32\cmd.exe C:\Windows\cphgrnfwvlpmccpsbeg.exe
PID 3316 wrote to memory of 4836 N/A C:\Windows\system32\cmd.exe C:\Windows\cphgrnfwvlpmccpsbeg.exe
PID 5232 wrote to memory of 4840 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
PID 5232 wrote to memory of 4840 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
PID 5232 wrote to memory of 4840 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
PID 4824 wrote to memory of 5036 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
PID 4824 wrote to memory of 5036 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
PID 4824 wrote to memory of 5036 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
PID 4912 wrote to memory of 5988 N/A C:\Windows\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4912 wrote to memory of 5988 N/A C:\Windows\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4912 wrote to memory of 5988 N/A C:\Windows\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4836 wrote to memory of 3312 N/A C:\Windows\cphgrnfwvlpmccpsbeg.exe C:\Windows\System32\Conhost.exe
PID 4836 wrote to memory of 3312 N/A C:\Windows\cphgrnfwvlpmccpsbeg.exe C:\Windows\System32\Conhost.exe
PID 4836 wrote to memory of 3312 N/A C:\Windows\cphgrnfwvlpmccpsbeg.exe C:\Windows\System32\Conhost.exe
PID 4392 wrote to memory of 6104 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
PID 4392 wrote to memory of 6104 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
PID 4392 wrote to memory of 6104 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
PID 5036 wrote to memory of 5144 N/A C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5036 wrote to memory of 5144 N/A C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5036 wrote to memory of 5144 N/A C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 820 wrote to memory of 5976 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
PID 820 wrote to memory of 5976 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
PID 820 wrote to memory of 5976 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
PID 5976 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5976 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5976 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 1120 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe
PID 1120 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe
PID 1120 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe
PID 1120 wrote to memory of 5432 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe
PID 1120 wrote to memory of 5432 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe
PID 1120 wrote to memory of 5432 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\edhsp.exe
PID 2224 wrote to memory of 1220 N/A C:\Windows\system32\cmd.exe C:\Windows\rduscxoecruqfeqsac.exe
PID 2224 wrote to memory of 1220 N/A C:\Windows\system32\cmd.exe C:\Windows\rduscxoecruqfeqsac.exe
PID 2224 wrote to memory of 1220 N/A C:\Windows\system32\cmd.exe C:\Windows\rduscxoecruqfeqsac.exe
PID 3592 wrote to memory of 4104 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 3592 wrote to memory of 4104 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 3592 wrote to memory of 4104 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 1404 wrote to memory of 5852 N/A C:\Windows\system32\cmd.exe C:\Windows\blawexmawjkeroyy.exe
PID 1404 wrote to memory of 5852 N/A C:\Windows\system32\cmd.exe C:\Windows\blawexmawjkeroyy.exe
PID 1404 wrote to memory of 5852 N/A C:\Windows\system32\cmd.exe C:\Windows\blawexmawjkeroyy.exe
PID 3620 wrote to memory of 840 N/A C:\Windows\system32\cmd.exe C:\Windows\itjgpjzolzbwkitub.exe
PID 3620 wrote to memory of 840 N/A C:\Windows\system32\cmd.exe C:\Windows\itjgpjzolzbwkitub.exe
PID 3620 wrote to memory of 840 N/A C:\Windows\system32\cmd.exe C:\Windows\itjgpjzolzbwkitub.exe
PID 5852 wrote to memory of 4548 N/A C:\Windows\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5852 wrote to memory of 4548 N/A C:\Windows\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5852 wrote to memory of 4548 N/A C:\Windows\blawexmawjkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 840 wrote to memory of 4580 N/A C:\Windows\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 840 wrote to memory of 4580 N/A C:\Windows\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 840 wrote to memory of 4580 N/A C:\Windows\itjgpjzolzbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5560 wrote to memory of 3648 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\edhsp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe"

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\etnobztmnflkcetyjoshb.exe*."

C:\Users\Admin\AppData\Local\Temp\edhsp.exe

"C:\Users\Admin\AppData\Local\Temp\edhsp.exe" "-C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe"

C:\Users\Admin\AppData\Local\Temp\edhsp.exe

"C:\Users\Admin\AppData\Local\Temp\edhsp.exe" "-C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv

C:\Windows\system32\backgroundTaskHost.exe

"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe .

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\backgroundTaskHost.exe

"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Windows\cphgrnfwvlpmccpsbeg.exe

cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\etnobztmnflkcetyjoshb.exe

etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\etnobztmnflkcetyjoshb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\itjgpjzolzbwkitub.exe

itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Windows\pdwwifyqqhmkbcqueilz.exe

pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Windows\rduscxoecruqfeqsac.exe

rduscxoecruqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Windows\blawexmawjkeroyy.exe

blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe

C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe

C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
GB 88.221.135.0:443 www.bing.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.imdb.com udp
FR 52.222.159.143:80 www.imdb.com tcp
GB 77.97.178.13:26660 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 pdvlzqvj.net udp
US 8.8.8.8:53 dgjcnhgxln.net udp
US 8.8.8.8:53 arwlrb.net udp
US 8.8.8.8:53 ualkkompkjn.net udp
US 8.8.8.8:53 tcjqkah.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 ymlktwx.net udp
US 8.8.8.8:53 rkhlgchutah.info udp
US 8.8.8.8:53 lwxafrwnnwge.info udp
US 8.8.8.8:53 enlqvq.info udp
US 8.8.8.8:53 zcfujytjyzb.info udp
US 8.8.8.8:53 egoktqq.info udp
US 8.8.8.8:53 hzvaqiiztcp.net udp
US 8.8.8.8:53 pergva.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 jpbinbzwz.info udp
US 8.8.8.8:53 emaqxov.info udp
US 8.8.8.8:53 bpfezdoc.net udp
US 8.8.8.8:53 fctuqapprdv.info udp
US 8.8.8.8:53 khzemrpy.info udp
US 8.8.8.8:53 tcrmxiloj.com udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 yooemgoaoe.com udp
US 8.8.8.8:53 htbudy.net udp
US 8.8.8.8:53 kgggsqwyaksk.org udp
GB 77.97.178.13:26660 tcp
US 8.8.8.8:53 ctzbfg.info udp
US 8.8.8.8:53 kbknqbxpzs.info udp
US 8.8.8.8:53 gfrhfi.info udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 iwbcnkxyz.info udp
US 8.8.8.8:53 ggoiisygwcmc.org udp
US 8.8.8.8:53 qdpoiwcmgtve.net udp
US 8.8.8.8:53 aykikyoe.org udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 sfbmbn.info udp
US 8.8.8.8:53 vvfkaqtjhn.info udp
US 8.8.8.8:53 xngxgeldjm.net udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 ewgiwcascomg.org udp
US 8.8.8.8:53 enuzvfjssg.net udp
US 8.8.8.8:53 gbvqgiuu.info udp
US 8.8.8.8:53 tftvkh.info udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 asbghon.info udp
US 8.8.8.8:53 ouyybkrmc.net udp
US 8.8.8.8:53 fphkbcxwbqp.com udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 uecyyg.org udp
US 8.8.8.8:53 vwfubtvddy.info udp
US 8.8.8.8:53 seqsogkseq.org udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 igcujecm.info udp
US 8.8.8.8:53 laxrsig.info udp
US 8.8.8.8:53 cflmyqhon.net udp
US 8.8.8.8:53 wqockoqwuc.org udp
US 8.8.8.8:53 owzynqdsd.net udp
US 8.8.8.8:53 xmbgzwfbaszk.info udp
US 8.8.8.8:53 muacyrlj.net udp
US 8.8.8.8:53 bttuzvbe.net udp
US 8.8.8.8:53 iermlty.net udp
US 8.8.8.8:53 jwjgjqpenef.com udp
US 8.8.8.8:53 kqvqxov.info udp
US 8.8.8.8:53 cuxxkvx.info udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 ssdjdapehhcs.net udp
US 8.8.8.8:53 oifosvtmw.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 fmngpcshw.info udp
US 8.8.8.8:53 ywsfkahy.net udp
US 8.8.8.8:53 fgsiwed.net udp
US 8.8.8.8:53 iheijzwmruv.info udp
US 8.8.8.8:53 mcwcgw.com udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 hurssxuit.net udp
US 8.8.8.8:53 ayiangiastp.info udp
US 8.8.8.8:53 jfrccv.info udp
US 8.8.8.8:53 rvmurktkglat.net udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 hmcolex.info udp
US 8.8.8.8:53 czvzxojg.info udp
US 8.8.8.8:53 rwnbjsh.net udp
US 8.8.8.8:53 cotdkwuckwn.net udp
US 8.8.8.8:53 qwnfud.info udp
US 8.8.8.8:53 uidjbk.net udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 kcrwomznpeb.info udp
US 8.8.8.8:53 ecoscya.net udp
US 8.8.8.8:53 tpemiswxy.info udp
US 8.8.8.8:53 gonsqv.net udp
US 8.8.8.8:53 dskknm.info udp
US 8.8.8.8:53 dscesxdpr.info udp
US 8.8.8.8:53 qwzkmbnmd.net udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 oumoigky.org udp
US 8.8.8.8:53 beftjyt.org udp
US 8.8.8.8:53 uuiycci.net udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 wbgsfbaswukx.net udp
US 8.8.8.8:53 tjnezkt.info udp
US 8.8.8.8:53 pyvlmlda.info udp
US 8.8.8.8:53 syjejykbzka.net udp
US 8.8.8.8:53 hrhbfi.info udp
US 8.8.8.8:53 ekrsjcbyswi.info udp
US 8.8.8.8:53 eoaywggkeu.org udp
US 8.8.8.8:53 wbyztvtxpy.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 ochovmtna.net udp
US 8.8.8.8:53 oesukj.net udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 djoedopswao.com udp
US 8.8.8.8:53 agxypfvke.net udp
US 8.8.8.8:53 yoyawyau.org udp
US 8.8.8.8:53 zrxobj.net udp
US 8.8.8.8:53 giuofywddm.info udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 ebherg.info udp
US 8.8.8.8:53 cuqmwgaumq.com udp
US 8.8.8.8:53 tzbbew.info udp
US 8.8.8.8:53 gwsokuqw.org udp
US 8.8.8.8:53 mazangbai.net udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 wnurqy.info udp
US 8.8.8.8:53 qiegqauuwsau.com udp
US 8.8.8.8:53 yeiwscaoei.com udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 yzahnikpl.info udp
US 8.8.8.8:53 btvctk.net udp
US 8.8.8.8:53 ttpndwxdbb.info udp
US 8.8.8.8:53 nmbkbyxkllwr.net udp
US 8.8.8.8:53 ddtfxpdrjx.net udp
US 8.8.8.8:53 xuhnlell.info udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 guwwwk.com udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 tgbvyyjmj.info udp
US 8.8.8.8:53 psfinpjc.info udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 uioqekgemwiw.org udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 rnhmpmdbvt.info udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 zmrzskzepnvo.net udp
US 8.8.8.8:53 pstepvbydif.org udp
US 8.8.8.8:53 edlktjn.info udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 savvqacszq.info udp
US 8.8.8.8:53 skggci.org udp
US 8.8.8.8:53 veygfiqzcgw.org udp
US 8.8.8.8:53 issqek.com udp
US 8.8.8.8:53 hfvxwlmqjt.net udp
US 8.8.8.8:53 smayww.org udp
US 8.8.8.8:53 gwqfrqklpvd.info udp
US 8.8.8.8:53 cinfvde.net udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 xafequjquag.info udp
US 8.8.8.8:53 zcgmdnncd.net udp
US 8.8.8.8:53 drxidcsptr.info udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 vhsbrhvvwszk.info udp
US 8.8.8.8:53 ywnmkrytvbnl.net udp
US 8.8.8.8:53 kkiotexddjj.net udp
US 8.8.8.8:53 fdanbyn.net udp
US 8.8.8.8:53 nujslybrdl.net udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 aqiojlqkk.net udp
US 8.8.8.8:53 bnxeagnwn.info udp
US 8.8.8.8:53 nldxrmhvu.net udp
US 8.8.8.8:53 yauqwceuqg.org udp
US 8.8.8.8:53 kkhthtbs.net udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 ioeuqciyemsk.com udp
US 8.8.8.8:53 ymrucnlyxrz.net udp
US 8.8.8.8:53 yjjlni.info udp
US 8.8.8.8:53 iwsmukue.org udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 qeeiwe.org udp
US 8.8.8.8:53 xruxba.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 bwzdwqu.info udp
US 8.8.8.8:53 vhfwrqsdco.info udp
US 8.8.8.8:53 yussomyo.org udp
US 8.8.8.8:53 fymqrsdzoxz.org udp
US 8.8.8.8:53 xstimldrupz.com udp
US 8.8.8.8:53 rgjpxgitnd.net udp
US 8.8.8.8:53 kgtxavlitsv.info udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 lqjkvknwjyh.com udp
US 8.8.8.8:53 xtqxamjow.net udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 wcymii.org udp
US 8.8.8.8:53 pgghfkx.info udp
US 8.8.8.8:53 edqyrkx.info udp
US 8.8.8.8:53 zirxsngyrra.com udp
US 8.8.8.8:53 ogyeqsuo.org udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 qcnxzwracwl.info udp
US 8.8.8.8:53 geuuuisyke.org udp
US 8.8.8.8:53 ggxibyp.info udp
US 8.8.8.8:53 oymokmmeeisc.com udp
US 8.8.8.8:53 yeieggokyyce.org udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 bcveiujml.net udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 kccmuiaegoic.org udp
US 8.8.8.8:53 jmhitynsj.net udp
US 8.8.8.8:53 dekxlrpihr.net udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 jftbmggsar.info udp
US 8.8.8.8:53 fynoffr.org udp
US 8.8.8.8:53 tsawrcf.net udp
US 8.8.8.8:53 xdukutem.net udp
US 8.8.8.8:53 zuryddduf.com udp
US 8.8.8.8:53 cuoakmaw.com udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 xsfezwy.org udp
US 8.8.8.8:53 osdyvzkdnt.info udp
US 8.8.8.8:53 kyzbvqrplwd.net udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 eygicuec.com udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 qagwieeyso.org udp
US 8.8.8.8:53 rotpyetcn.info udp
US 8.8.8.8:53 fejctnmr.net udp
US 8.8.8.8:53 qqgwew.com udp
US 8.8.8.8:53 ugkuhi.net udp
US 8.8.8.8:53 wsesic.org udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 pzupyxvmhp.info udp
US 8.8.8.8:53 nmpdlo.net udp
US 8.8.8.8:53 ohlaonu.info udp
US 8.8.8.8:53 vfylpmwn.info udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 ooikcwcqak.com udp
US 8.8.8.8:53 bojyjbpezcr.net udp
US 8.8.8.8:53 mgaycy.org udp
US 8.8.8.8:53 swfpnkhqlqs.info udp
US 8.8.8.8:53 afigrb.info udp
US 8.8.8.8:53 gyqiaqooke.org udp
US 8.8.8.8:53 ezxcjtvhqaf.net udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 xytxubbz.net udp
US 8.8.8.8:53 yqxdxbrwu.net udp
US 8.8.8.8:53 rxmsbotduncs.info udp
US 8.8.8.8:53 eefufemkpwq.info udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 tpofbwrkpf.net udp
US 8.8.8.8:53 vctyzaxsqsf.com udp
US 8.8.8.8:53 pxgolu.net udp
US 8.8.8.8:53 rjiixy.info udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 tdmgxtlefj.net udp
US 8.8.8.8:53 vftqxkfple.net udp
US 8.8.8.8:53 ioofwv.net udp
US 8.8.8.8:53 cqummvhkkxi.net udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 hotqpbdkfuh.info udp
US 8.8.8.8:53 uwhwoodsnyo.info udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 mgwcusaece.org udp
US 8.8.8.8:53 twhwjdbipci.org udp
US 8.8.8.8:53 fslajan.net udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 ieawsawykaey.com udp
US 8.8.8.8:53 rqtzxoz.net udp
US 8.8.8.8:53 gbeizltyhaf.net udp
US 8.8.8.8:53 obertldw.net udp
US 8.8.8.8:53 tknsxkyox.org udp
US 8.8.8.8:53 jjfkdkcww.org udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 ckcomycc.com udp
US 8.8.8.8:53 osiagyos.org udp
US 8.8.8.8:53 qflbwqao.net udp
US 8.8.8.8:53 hzioobtptqel.net udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 ekksce.org udp
US 8.8.8.8:53 tghclnarytma.info udp
US 8.8.8.8:53 xsfqaxr.org udp
US 8.8.8.8:53 airfvaibutlg.net udp
US 8.8.8.8:53 qgtuyjx.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 ftbrzzmztu.net udp
US 8.8.8.8:53 wcugug.com udp
US 8.8.8.8:53 mixuziluodd.net udp
US 8.8.8.8:53 hwllvoz.net udp
US 8.8.8.8:53 lwfhhhefbcma.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 useuqoce.com udp
US 8.8.8.8:53 ylxoppwnwc.info udp
US 8.8.8.8:53 zbnxmkjiojkt.info udp
US 8.8.8.8:53 wgieme.org udp
US 8.8.8.8:53 hixwmdgfm.info udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 nckbclr.com udp
US 8.8.8.8:53 cijyxarmx.net udp
US 8.8.8.8:53 wqxqxoimcmhs.net udp
US 8.8.8.8:53 bmzjxo.info udp
US 8.8.8.8:53 imcxqe.info udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 bjeoemtnmwok.net udp
US 8.8.8.8:53 hlidjpuwp.net udp
US 8.8.8.8:53 jxktvv.info udp
US 8.8.8.8:53 grfdrfllvrnu.net udp
US 8.8.8.8:53 eyyesugw.org udp
US 8.8.8.8:53 txtryn.net udp
US 8.8.8.8:53 lsiidmcrmmvn.net udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 wsiaurlivmvq.info udp
US 8.8.8.8:53 gihuzdjfx.info udp
US 8.8.8.8:53 mqmusaseioos.com udp
US 8.8.8.8:53 akcleqlw.info udp
US 8.8.8.8:53 uohuzzrxcnaf.net udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 kyysyo.org udp
US 8.8.8.8:53 vutfvxd.net udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 eyablupuzch.info udp
US 8.8.8.8:53 pnlqjwu.info udp
US 8.8.8.8:53 rxyoxyxjvwls.info udp
US 8.8.8.8:53 wmkaqm.org udp
US 8.8.8.8:53 wszvezwmrw.info udp
US 8.8.8.8:53 cnzlnepvveyh.info udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 hqhrpgniod.info udp
US 8.8.8.8:53 qgbfxehaxo.net udp
US 8.8.8.8:53 zqjycwnlbfm.net udp
US 8.8.8.8:53 bqgcdsjnouv.info udp
US 8.8.8.8:53 tgguni.info udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 bptupy.info udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 jcaamujkj.info udp
US 8.8.8.8:53 iekywyascw.com udp
US 8.8.8.8:53 jrfojwisw.org udp
US 8.8.8.8:53 tuetjrfirc.net udp
US 8.8.8.8:53 bjgtymvb.net udp
US 8.8.8.8:53 iekcacig.org udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 rxplfzlc.net udp
US 8.8.8.8:53 reshmy.info udp
US 8.8.8.8:53 dnnqvwhpopvy.net udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 gqrymwf.net udp
US 8.8.8.8:53 pdstcckfspiq.info udp
US 8.8.8.8:53 ublzoyngp.net udp
US 8.8.8.8:53 hebstrxkj.net udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 jltedpdkv.net udp
US 8.8.8.8:53 keeoiees.com udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 dwzexl.info udp
US 8.8.8.8:53 tkzaldtqv.info udp
US 8.8.8.8:53 pinhnedw.info udp
US 8.8.8.8:53 ymuqoaoegugm.org udp
US 8.8.8.8:53 rjlwln.net udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 mbawvtparsth.info udp
US 8.8.8.8:53 dqyuksxpm.org udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 vyatlh.net udp
US 8.8.8.8:53 svpilyp.net udp
US 8.8.8.8:53 auhtyeh.net udp
US 8.8.8.8:53 yaiowkqaqw.org udp
US 8.8.8.8:53 nufifxswempx.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 yswoplnd.net udp
US 8.8.8.8:53 aahinwp.info udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 xvknnrlru.org udp
US 8.8.8.8:53 tmzobwyvgg.info udp
US 8.8.8.8:53 qmgcwaqsyaso.org udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 hmgselx.org udp
US 8.8.8.8:53 lgtpiv.net udp
US 8.8.8.8:53 zbkwfgxx.info udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 sklipxtkb.net udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 qmyarj.info udp
US 8.8.8.8:53 fcufpcqj.net udp
US 8.8.8.8:53 mihxrwkmm.info udp
US 8.8.8.8:53 iasiqc.org udp
US 8.8.8.8:53 bydyzrejppn.org udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 cvbugi.net udp
US 8.8.8.8:53 biebjzzc.info udp
US 8.8.8.8:53 hgobxu.net udp
US 8.8.8.8:53 aqjwzgc.net udp
US 8.8.8.8:53 hdlitqwi.info udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 hiqumgp.info udp
US 8.8.8.8:53 fvmgrsz.info udp
US 8.8.8.8:53 rpasznfyus.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 ptdhvmduj.net udp
US 8.8.8.8:53 bxkwqutltgw.net udp
US 8.8.8.8:53 lgfgvm.net udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 iyewmukssgik.com udp
US 8.8.8.8:53 ydtjsz.net udp
US 8.8.8.8:53 uugakqwg.org udp
US 8.8.8.8:53 ktuihvzh.net udp
US 8.8.8.8:53 pukkum.info udp
US 8.8.8.8:53 zkgsldl.com udp
US 8.8.8.8:53 oubbvffehirr.net udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 bjgtfrhemd.info udp
US 8.8.8.8:53 xkrkxtgcren.info udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 juozdcx.net udp
US 8.8.8.8:53 nezkuwlkb.net udp
US 8.8.8.8:53 bllethfgilj.info udp
US 8.8.8.8:53 wygugiao.org udp
US 8.8.8.8:53 waeowxc.info udp
US 8.8.8.8:53 dqtuihhhpvr.net udp
US 8.8.8.8:53 ednnflh.info udp
US 8.8.8.8:53 rsskxn.info udp
US 8.8.8.8:53 simocqcguk.org udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 ksnelpckjan.info udp
NL 173.194.69.94:80 c.pki.goog tcp
US 8.8.8.8:53 kakqia.org udp
US 8.8.8.8:53 fmpwomwkktvh.net udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 daenibz.net udp
US 8.8.8.8:53 aeimmkuwmkky.org udp
US 8.8.8.8:53 ojwkxuiua.info udp
US 8.8.8.8:53 nauucwxsaco.com udp
US 8.8.8.8:53 ucnyzgsytoj.info udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 laydfipusg.net udp
US 8.8.8.8:53 isxqlkteinqw.info udp
US 8.8.8.8:53 uitcuruqyd.net udp
US 8.8.8.8:53 furmjwr.info udp
US 8.8.8.8:53 wcuiqgio.com udp
US 8.8.8.8:53 akwouszpx.info udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 tlnlgxoxfmvm.info udp
US 8.8.8.8:53 iosaquue.org udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 mawikeew.com udp
US 8.8.8.8:53 jwdnbuzhkqp.com udp
US 8.8.8.8:53 jlpbrqfrww.info udp
US 8.8.8.8:53 vodzdfvev.com udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 dvbgdeeyb.info udp
US 8.8.8.8:53 yqlhyuigh.net udp
US 8.8.8.8:53 rklmhsjkgyl.org udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 vodfxfs.info udp
US 8.8.8.8:53 rlrvqv.info udp
US 8.8.8.8:53 rmvbchjb.net udp
US 8.8.8.8:53 aujxoq.info udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 nkpjicr.org udp
US 8.8.8.8:53 hylzttocpkd.com udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 hqxgrcmkev.net udp
US 8.8.8.8:53 dttijrus.net udp
US 8.8.8.8:53 vinexubulnl.org udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 fmvudtdupebn.info udp
US 8.8.8.8:53 uhecny.net udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 rtoykrdudu.info udp
US 8.8.8.8:53 vnqrls.net udp
US 8.8.8.8:53 jfimzw.net udp
US 8.8.8.8:53 aegcepzghxwn.info udp
US 8.8.8.8:53 pmudkv.info udp
US 8.8.8.8:53 zkdaae.net udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 iynkwmfed.net udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 pshzjp.info udp
US 8.8.8.8:53 kxvomb.net udp
US 8.8.8.8:53 gqrmaszaq.net udp
US 8.8.8.8:53 gjpcsuobrw.net udp
US 8.8.8.8:53 yuepypc.info udp
US 8.8.8.8:53 hqhdteuaieh.com udp
US 8.8.8.8:53 ubpbptft.net udp
US 8.8.8.8:53 bgsczezsqyj.net udp
US 8.8.8.8:53 xefqqssoqjh.com udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 ruhgwgdevnr.com udp
US 8.8.8.8:53 ykzislp.info udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 tezgharxc.com udp
US 8.8.8.8:53 jsnlpfot.net udp
US 8.8.8.8:53 aadvbf.info udp
US 8.8.8.8:53 puoklt.net udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 oixjdsf.net udp
US 8.8.8.8:53 qoguia.com udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 ikzgmyh.net udp
US 8.8.8.8:53 makckoeo.com udp
US 8.8.8.8:53 czetmd.net udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 kutpkfpmiwxl.net udp
US 8.8.8.8:53 vjwatlfj.net udp
US 8.8.8.8:53 judbdennkgd.info udp
US 8.8.8.8:53 uesaqe.com udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 wgkoggugas.com udp
US 8.8.8.8:53 sxbsgcpgfit.info udp
US 8.8.8.8:53 oiolsgbsfh.net udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 jgdgtjz.net udp
US 8.8.8.8:53 tjxjurbobuf.net udp
US 8.8.8.8:53 bylbrlymcwwl.info udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 kywntixor.info udp
US 8.8.8.8:53 uhhtlpje.net udp
US 8.8.8.8:53 pavflzb.com udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 pjelgigr.net udp
US 8.8.8.8:53 xvqvfufjrf.info udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 hnzmyy.net udp
US 8.8.8.8:53 usgusggsymus.com udp
US 8.8.8.8:53 imblggrkr.net udp
US 8.8.8.8:53 aydermbbbic.net udp
US 8.8.8.8:53 dfrubuakx.org udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 klqivgyoaos.net udp
US 8.8.8.8:53 zorxhfrvg.net udp
US 8.8.8.8:53 natwlbridsh.org udp
US 8.8.8.8:53 blzqjzne.info udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 hafkrzlnwet.info udp
US 8.8.8.8:53 dtppzxsq.net udp
US 8.8.8.8:53 wskgigmuymoy.com udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 uiwlkqi.info udp
US 8.8.8.8:53 pxyuzn.net udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 bqzufznqwkx.com udp
US 8.8.8.8:53 jdvrfulgp.net udp
US 8.8.8.8:53 pcuqjp.net udp
US 8.8.8.8:53 oyprwp.net udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 zzlovfpft.com udp
US 8.8.8.8:53 vudxkm.net udp
US 8.8.8.8:53 vmivrrxebxt.com udp
US 8.8.8.8:53 ywigcsucyw.org udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 ueoajixsbrj.net udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 fetientfv.com udp
US 8.8.8.8:53 terfzwa.info udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 dmfqysc.com udp
US 8.8.8.8:53 xnfsgy.info udp
US 8.8.8.8:53 eutrjms.info udp
US 8.8.8.8:53 sqwqffsfl.net udp
US 8.8.8.8:53 irybdymegzoj.net udp
US 8.8.8.8:53 uklxzjvqdqt.info udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 ptdqtai.info udp
US 8.8.8.8:53 ujfxforykfmc.net udp
US 8.8.8.8:53 xwxkhwnyfmv.org udp
US 8.8.8.8:53 eyqimgwqka.org udp
US 8.8.8.8:53 zybwcuuelkdj.net udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 fbzdkixsdkr.org udp
US 8.8.8.8:53 orzccalkasr.info udp
US 8.8.8.8:53 yqvbjulzh.info udp
US 8.8.8.8:53 rqvsclyop.info udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 imkgwoukmcku.com udp
US 8.8.8.8:53 eccukkmoiq.org udp
US 8.8.8.8:53 srdwxczbzcwr.info udp
US 8.8.8.8:53 wpzuodfb.net udp
US 8.8.8.8:53 hfrmiwtwnol.com udp
US 8.8.8.8:53 jgnwqgx.net udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 ihyiyxzl.info udp
US 8.8.8.8:53 rybwlvut.info udp
US 8.8.8.8:53 qoydqatybuh.net udp
US 8.8.8.8:53 navsuyi.com udp
US 8.8.8.8:53 rtrvve.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 zacghmv.org udp
US 8.8.8.8:53 vlrhtqhsnj.net udp
US 8.8.8.8:53 wowemqmw.org udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 kykyttpg.info udp
US 8.8.8.8:53 ddhoejbbdcya.info udp
US 8.8.8.8:53 bxjpboicoxkj.info udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 yssguy.org udp
US 8.8.8.8:53 acsswgkm.com udp
US 8.8.8.8:53 oilnhchav.net udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 vknuzxlabgbz.net udp
US 8.8.8.8:53 dkrsyqaj.net udp
US 8.8.8.8:53 rpqctxfbtcfy.net udp
US 8.8.8.8:53 coeuwmmceq.org udp
US 8.8.8.8:53 bkjsdopmkg.info udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 vplnjbndgb.info udp
US 8.8.8.8:53 wnrihqodee.net udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 wyygiowkuc.com udp
US 8.8.8.8:53 yszyerhod.info udp
US 8.8.8.8:53 okgukgms.org udp
US 8.8.8.8:53 ewgacwomgi.org udp
US 8.8.8.8:53 pdjwhszrl.com udp
US 8.8.8.8:53 hkxwtqh.org udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 wkquiyaa.com udp
US 8.8.8.8:53 jqlifzlf.net udp
US 8.8.8.8:53 usqstrvvzm.info udp
US 8.8.8.8:53 fivthqqi.info udp
US 8.8.8.8:53 pijpnex.com udp
US 8.8.8.8:53 apbnnengni.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 nopdrjh.net udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 nraoby.info udp
US 8.8.8.8:53 cwqoag.com udp
US 8.8.8.8:53 bcnzdi.info udp
US 8.8.8.8:53 zxnqdvxhjmte.net udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 qkpwov.info udp
US 8.8.8.8:53 caxwfyo.info udp
US 8.8.8.8:53 kflrcf.net udp
US 8.8.8.8:53 mqgggocgiieg.com udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 bqxouzxu.info udp
US 8.8.8.8:53 jszwdr.info udp
US 8.8.8.8:53 ouiqiookyyoc.org udp
US 8.8.8.8:53 ztykonepfn.net udp
US 8.8.8.8:53 xcjopymrlxli.info udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 njbnpa.info udp
US 8.8.8.8:53 cjofsm.net udp
US 8.8.8.8:53 ybbbpyvkqxj.info udp
US 8.8.8.8:53 ermrcunkrfea.net udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 kagivguvon.net udp
US 8.8.8.8:53 kqukiq.com udp
US 8.8.8.8:53 palasv.info udp
US 8.8.8.8:53 qgirrftxzald.net udp
US 8.8.8.8:53 psehkcqcm.net udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 hwrxeat.com udp
US 8.8.8.8:53 jyhifmx.com udp
US 8.8.8.8:53 ganqjzg.net udp
US 8.8.8.8:53 rmzsvkv.com udp
US 8.8.8.8:53 jrvbbkrqp.info udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 vndkpcj.org udp
US 8.8.8.8:53 kzbicp.info udp
US 8.8.8.8:53 xmxaan.net udp
US 8.8.8.8:53 cjvsfhrol.net udp
US 8.8.8.8:53 vmzcbrpqmnu.org udp
US 8.8.8.8:53 tedihpul.net udp
US 8.8.8.8:53 trhhxfuf.net udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 wxbahhdq.info udp
US 8.8.8.8:53 ywouucio.org udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 lcxlvagnywpq.info udp
US 8.8.8.8:53 uehbnqz.info udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 cifubedth.net udp
US 8.8.8.8:53 hmcnlwkt.info udp
US 8.8.8.8:53 iiucmioi.org udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 uduupmeet.net udp
US 8.8.8.8:53 yncjxahugekp.net udp
US 8.8.8.8:53 fhvhglvchbuh.info udp
US 8.8.8.8:53 nbkqbhz.org udp
US 8.8.8.8:53 euyhqptaj.info udp
US 8.8.8.8:53 lftvpj.info udp
US 8.8.8.8:53 jmlpunoylbbf.net udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 hvjsralcd.net udp
US 8.8.8.8:53 tuhclttnhn.net udp
US 8.8.8.8:53 pipwbsbdy.com udp
US 8.8.8.8:53 qwhptudqu.info udp
US 8.8.8.8:53 lobnjivfon.info udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 rsmctszkniw.net udp
US 8.8.8.8:53 dlwybgka.info udp
US 8.8.8.8:53 bivupqo.com udp
US 8.8.8.8:53 qcnbvcfgf.net udp
US 8.8.8.8:53 basbeclxx.org udp
US 8.8.8.8:53 oygeywae.com udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 sxcbdafj.net udp
US 8.8.8.8:53 acgigewo.com udp
US 8.8.8.8:53 akyisckski.org udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 dkxeoqa.info udp
US 8.8.8.8:53 bbsqffeexen.info udp
US 8.8.8.8:53 ciqbltpbwjps.net udp
US 8.8.8.8:53 yajpxinqskz.net udp
US 8.8.8.8:53 kywwcsyy.org udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 fhjjhgbrjnhi.net udp
US 8.8.8.8:53 nwbecj.info udp
US 8.8.8.8:53 ycccee.org udp
US 8.8.8.8:53 kmvvwey.info udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 axvgwchgv.net udp
US 8.8.8.8:53 ioktbkbifcg.net udp
US 8.8.8.8:53 amthtxvkxm.net udp
US 8.8.8.8:53 tbymbpnfvtsg.net udp
US 8.8.8.8:53 xlgqigxl.net udp
US 8.8.8.8:53 xjrrvxjgpnb.net udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 csggwiguge.com udp
US 8.8.8.8:53 fbeuxcosxdz.org udp
US 8.8.8.8:53 xfrfubbdychs.info udp
US 8.8.8.8:53 fhpuvwbisgi.com udp
US 8.8.8.8:53 txmcdinwhya.info udp
US 8.8.8.8:53 nsdbuilijifp.net udp
US 8.8.8.8:53 qiykiggseigi.com udp
US 8.8.8.8:53 tzbcap.info udp
US 8.8.8.8:53 qmttlgp.net udp
US 8.8.8.8:53 mkjabsieh.net udp
US 8.8.8.8:53 zlbmsinil.net udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 qckyoayock.org udp
US 8.8.8.8:53 gisgpmwyfg.net udp
US 8.8.8.8:53 iyjofui.info udp
US 8.8.8.8:53 nlzqfql.com udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 gmcaykoo.org udp
US 8.8.8.8:53 zvyobkiede.net udp
US 8.8.8.8:53 fsnuuofbj.info udp
US 8.8.8.8:53 zrbdnuxkvlld.info udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 eqigwesc.org udp
US 8.8.8.8:53 helgqqf.info udp
US 8.8.8.8:53 rezaiet.info udp
US 8.8.8.8:53 waddteh.info udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 fnrxnlbj.net udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 qnmueiam.net udp
US 8.8.8.8:53 tslwnklif.net udp
US 8.8.8.8:53 pbzgyvwrjazl.net udp
US 8.8.8.8:53 vcocxokj.net udp
US 8.8.8.8:53 lsrmmkbmf.org udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 kwvjfxs.net udp
US 8.8.8.8:53 eoxoxaz.net udp
US 8.8.8.8:53 zffkhwluckmk.info udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 pnbhimnwtm.info udp
US 8.8.8.8:53 wgmsmaemmu.org udp
US 8.8.8.8:53 eqzigrhce.info udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 atztcmd.net udp
US 8.8.8.8:53 igdktubgu.net udp
US 8.8.8.8:53 yoqkyoqo.org udp
US 8.8.8.8:53 ywssrulqz.net udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 bzmzec.net udp
US 8.8.8.8:53 iuiwyqmeuc.com udp
US 8.8.8.8:53 hfbihufhjue.net udp
US 8.8.8.8:53 uegsgk.org udp
US 8.8.8.8:53 iabmuja.net udp
US 8.8.8.8:53 cdcxbtgcbn.info udp
US 8.8.8.8:53 hyenwxcg.net udp
US 8.8.8.8:53 pbsivheg.net udp
US 8.8.8.8:53 eusywo.com udp
US 8.8.8.8:53 uwzspvyap.net udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 qtyfzh.net udp
US 8.8.8.8:53 zdvekgqcwh.net udp
US 8.8.8.8:53 knaaduv.info udp
US 8.8.8.8:53 beyhvc.net udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 tnjeqfii.net udp
US 8.8.8.8:53 cddotdfud.net udp
US 8.8.8.8:53 fgrnguhvd.net udp
US 8.8.8.8:53 muqsiqcwos.org udp
US 8.8.8.8:53 xetswnz.net udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 zuxgtaw.info udp
US 8.8.8.8:53 sksxqaatrsuf.info udp
US 8.8.8.8:53 skmkquqwmaae.com udp
US 8.8.8.8:53 gsmalljblrdo.info udp
US 8.8.8.8:53 xoftzkjaprz.info udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 uoaodczsdrq.info udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 vpiqrozncdnx.info udp
US 8.8.8.8:53 nertyusucf.net udp
US 8.8.8.8:53 mkxxjspo.net udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 zqxgspl.org udp
US 8.8.8.8:53 jofkruowj.info udp
US 8.8.8.8:53 anbwpjfw.info udp
US 8.8.8.8:53 crvamnkv.net udp
US 8.8.8.8:53 mruwqfbe.info udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 kwxdfzeuv.net udp
US 8.8.8.8:53 guflhvfxosh.info udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 bbjucm.info udp
US 8.8.8.8:53 ummymm.org udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 hbzywqslbe.info udp
US 8.8.8.8:53 uilkpba.info udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 mjceectzze.net udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 jtzvdg.net udp
US 8.8.8.8:53 eugksuaw.org udp
US 8.8.8.8:53 lliynip.com udp
US 8.8.8.8:53 aeaogy.org udp
US 8.8.8.8:53 sccswqycameu.com udp
US 8.8.8.8:53 sfexbzvriz.info udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 adlqmgjcj.info udp
US 8.8.8.8:53 uglnowt.info udp
US 8.8.8.8:53 hqtlzjcvge.net udp
US 8.8.8.8:53 nirfqtzbesiu.net udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 jpugqt.info udp
US 8.8.8.8:53 jejcqyirst.info udp
US 8.8.8.8:53 dcmherpo.info udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 meswwsaasaqg.org udp

Files

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

MD5 a4ebfcec20d40bf9917c1f0724917442
SHA1 fe9cef99034f175c7077177ca7e3891fb62b1bba
SHA256 d852503961e4da73c886f3fef92052485885f1b6d3bb78ee531a8f4010972119
SHA512 f4e792c3edfd79453b6acdf2a9fd35cc79d88ca5bec46d8b770a9c7b44a48fda1425aac1bc16d507ee69f929a3ab2a4aff5ef913202ac337b1c5fd7f01d610dc

C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe

MD5 bd0b66050d49b213e682c9f3dbddd4f4
SHA1 3e6dc7c446dc88cd3b9aa237c8d4836bff134a18
SHA256 36f7aefe30f8fdda2c6a568efa39ed27bd09956fc7123a034285cf8e5f0d91a7
SHA512 7d0b3e9d573564d7d937b9ec83f21682a692c5ddb3797b155866b7620ecfebd6d2e444ab6d5a3f17b0d15a2db6af11f84aedfc93671c68d239cd2236c3b75ffa

C:\Users\Admin\AppData\Local\Temp\edhsp.exe

MD5 92230bb7c6f8310b073ab11d7ced7c4f
SHA1 fc76b48a20098bdb18aff9ad3873b1ed38de682e
SHA256 75d0b8a7557b494077dfadecf260d8ac46b33ab543cc3448a56509f06f616115
SHA512 ac5c89902e2f0220a49ac98d0fd504c970bd240528a4272ae3379ffb1c4303889e390244df03e8548ff969d60f3061f39ce6e08fbb5752b722f4d98e52df1623

C:\Users\Admin\AppData\Local\gbbibffeljvaygbmdoyttat.xwd

MD5 6bba45a346e0e6851ee2e2e2588cdb92
SHA1 3424cd681369c2c39072981e02d00d341858dc85
SHA256 04865af93c1a00e98be319571cae6819d7fdcb9a9aff5d849dcfeb152ce98488
SHA512 6ee9d07b7d552f0068f4b2e043052b9265b9c413143588bee17d1a548ebcd2719764e2da716c5a940e88486e2edd40de5b9f92d27a252cc011da8ea89a6e80a1

C:\Users\Admin\AppData\Local\tzkcgvgqiroengmikgbhskodoyqzwmvouq.ojp

MD5 b8c182b375b61fc7bc5c091eafda0566
SHA1 6826bb5455808db0a0bb6085c0f0a8e943191a34
SHA256 3b53c4567df2cdb40c8a32309358ceb9a4bd138dfe1544fe576fcfd325ec219b
SHA512 8ae400028bb22ea97120ff233d991ee13d10744e4b9cf5e7cc6ef313cdf501738b664bf9ad0df5b7f5b5263b3407f6d1cf085cc816abc852426c9174adc171ca

C:\Program Files (x86)\gbbibffeljvaygbmdoyttat.xwd

MD5 1a1d256d99847cb8eb4e0ca014052f5d
SHA1 76a683d134b3636c3103bc357056a4cf81840323
SHA256 b25acc7a06c8ffc7dcb4ed79a2cdfacd60a34324877621af490a4eeb5dbb3ee7
SHA512 20dfcbc5e813ab72106d483cceacc6b8456a56f5b96f442558279e76ab83cb086b807dac26b656b64e128291cdf5ad2f73c3cf498e6517cdc31bdc651b36c932

C:\Program Files (x86)\gbbibffeljvaygbmdoyttat.xwd

MD5 7c18942302bf5e29f6f7f1be5d9906fb
SHA1 dc31c34f76018b88376eb1eaa94a283c6f77acdb
SHA256 981308ad7f3ae755bfcc21fb76b05d5687c0b51609a561120d55a9fe42b90b5d
SHA512 fba5f0720035ccb9537ff589855e67b025f5c29f83892bbb1bec2c29ca1cd9dbf8129cfd62d2abe568f5f2d4ca585ec74dac9a3c30bf9c7a7a9941c84feb524d

C:\Program Files (x86)\gbbibffeljvaygbmdoyttat.xwd

MD5 553078faeda10b51f388fadcb49a5b75
SHA1 d7da2fbead73536f2bb6d424397b63975393a714
SHA256 8cad1c58a765619f8443850f1c2307d72f2cb2bdc8edbc6131c2dd665bb3db36
SHA512 f0750fdb75d96df1fb91d8da41554ad56cdf4bf45474ab347825e5ee6514c05e83f44c1c7f45063bfa4311d69f630e9cd985ce5d62e8656a0132cb5da621ea92

C:\Program Files (x86)\gbbibffeljvaygbmdoyttat.xwd

MD5 bb567a217895b0f0172efe265fb1c810
SHA1 b224175ad200010387b32d4fa3a976bfc0e267e4
SHA256 6da19d9b5d509dbb2e235f2dfa6c249fd4acf854b129b53e0ed22b9e77b595d6
SHA512 f7c2feeef4e7b73f68bcb270c164577a04795c3d85599d14ef086266c2d6c39720b8b6bff56daa2dbddd3e10e0d58e4d8ff227b2f5a8d834ce9229fc905e9b57

C:\Program Files (x86)\gbbibffeljvaygbmdoyttat.xwd

MD5 344ba62df3105d10de37f6cff4b9d7a3
SHA1 e03b602ac15b3d92ea29a8220e575bd1cd654ac1
SHA256 399d38df390780c4c49fc5c6477f3c3eeced9b77e9a04c2cb288bfb63c6bb8d0
SHA512 051a6ae3ba223f202ea36c747c3dffc596cd027187cf54857648c5889911cabd13aad75fa4d22b2a1a0cb921350ab03967f82769ed6b86fee18be022c6aca375

C:\Program Files (x86)\gbbibffeljvaygbmdoyttat.xwd

MD5 ac75b52d036241feea989c485dbe4c6b
SHA1 fd4ece502d31015e15a623942bcfc4386389d399
SHA256 fb6bef670b6b7046c154bcfb06731a685fa3d2262f0a0d8c12385c70827a1233
SHA512 35639480c1d48d6cc724a1a7d156ae81ec8c72b9323b8a39314172dbb1e4c9844fe4c85aeced82268bb6bba334a7466cf001ccdc8d5cbbfb31bfeb98c99209ef

C:\Program Files (x86)\gbbibffeljvaygbmdoyttat.xwd

MD5 611be69a8bbb2ee52b4c93ba9d4d4ac9
SHA1 9fddc8370d6299d23679f19cee2a7871f3524724
SHA256 4762cfd22ef989adf682ecd7b455f3f94cf304f33f166024d8350a4471713fbc
SHA512 adffa0dcb38b34d97ed545a7c38f3cf8033b3e91f0cd4351107be145af26a751eebb4e554ab8490f1350638cfab5592bcdf00d7b16fee3b96c1f2e01ef1d3e3a