Malware Analysis Report

2025-08-10 16:33

Sample ID 250418-nnmpestqz6
Target JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f
SHA256 57c85e0a2c34c0e1e6a434194422f6c3a1fd44d66bc1848803fa0421b621fdd7
Tags
pykspa discovery worm defense_evasion persistence privilege_escalation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

57c85e0a2c34c0e1e6a434194422f6c3a1fd44d66bc1848803fa0421b621fdd7

Threat Level: Known bad

The file JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f was found to be: Known bad.

Malicious Activity Summary

pykspa discovery worm defense_evasion persistence privilege_escalation trojan

Pykspa family

UAC bypass

Pykspa

Modifies WinLogon for persistence

Detect Pykspa worm

Disables RegEdit via registry modification

Adds policy Run key to start application

Impair Defenses: Safe Mode Boot

Executes dropped EXE

Adds Run key to start application

Looks up external IP address via web service

Checks whether UAC is enabled

Hijack Execution Flow: Executable Installer File Permissions Weakness

Drops file in System32 directory

Drops autorun.inf file

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

System policy modification

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-18 11:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-18 11:32

Reported

2025-04-18 11:35

Platform

win10v2004-20250314-en

Max time kernel

1s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe"

Signatures

Pykspa

worm pykspa

Pykspa family

pykspa

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe"

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bddd16d20828ab7fce7d46416ccf084f.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Users\Admin\AppData\Local\Temp\dcgpx.exe

"C:\Users\Admin\AppData\Local\Temp\dcgpx.exe" "-C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe"

C:\Users\Admin\AppData\Local\Temp\dcgpx.exe

"C:\Users\Admin\AppData\Local\Temp\dcgpx.exe" "-C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe .

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe

C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe

C:\Windows\qctpkdrifroctbsthh.exe

qctpkdrifroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Windows\ocvtqlbuthgwpzsvlnky.exe

ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Windows\dsmljfwqqffwqbvzqtrga.exe

dsmljfwqqffwqbvzqtrga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .

C:\Windows\hsidxpcsozviyfvvi.exe

hsidxpcsozviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .

C:\Windows\akztmdpezjeqflaz.exe

akztmdpezjeqflaz.exe .

C:\Windows\bogdztiayljyqzrtijf.exe

bogdztiayljyqzrtijf.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.imdb.com udp
FR 52.222.159.143:80 www.imdb.com tcp
GB 77.97.178.13:26660 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 mxxjju.net udp
US 8.8.8.8:53 jzsirdfsyukt.net udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 wygwxlwcmzo.info udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 aytqtwnyowi.info udp
US 8.8.8.8:53 rizmpipud.com udp
US 8.8.8.8:53 pjpmip.net udp
US 8.8.8.8:53 bbvmvonsrgo.org udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 cdnvtqfayzot.net udp
US 8.8.8.8:53 rruxngoz.info udp
US 8.8.8.8:53 cqjmeavp.net udp
US 8.8.8.8:53 ldqvitu.net udp
US 8.8.8.8:53 kpsdwlyvip.info udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 smtwlwbcmrf.info udp
US 8.8.8.8:53 oxvlduwsjcyi.net udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
GB 77.97.178.13:26660 tcp
US 8.8.8.8:53 lrxzhhrxd.org udp
US 8.8.8.8:53 mgbbcnye.net udp
US 8.8.8.8:53 vvvhsnhfsr.info udp
US 8.8.8.8:53 bptjkkx.com udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 oyxjzglbsbwn.net udp
US 8.8.8.8:53 lgfrmss.net udp
US 8.8.8.8:53 kkdzxs.net udp
US 8.8.8.8:53 vmptklcuben.info udp
US 8.8.8.8:53 rvandrin.net udp
US 8.8.8.8:53 bdxfkh.net udp
US 8.8.8.8:53 zgxzzod.info udp
US 8.8.8.8:53 hxuditquuz.net udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 qnxzvfgcca.info udp
US 8.8.8.8:53 kfsqntrcs.net udp
US 8.8.8.8:53 cwogwwqgwmgm.org udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 srfjtwetfuan.info udp
US 8.8.8.8:53 qmbgtxj.net udp
US 8.8.8.8:53 xepqbwk.org udp
US 8.8.8.8:53 bnmgfhntqi.info udp
US 8.8.8.8:53 icfeutzo.info udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 cmjmiwi.info udp
US 8.8.8.8:53 ohjpjthfof.info udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 onrcmglgtep.net udp
US 8.8.8.8:53 yiusemug.com udp
US 8.8.8.8:53 qctnfsitf.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 kinqso.info udp
US 8.8.8.8:53 mpxswwp.info udp
US 8.8.8.8:53 ywsfkahy.net udp
US 8.8.8.8:53 hpfsvsseucj.info udp
US 8.8.8.8:53 vewgnb.net udp
US 8.8.8.8:53 hzeqlh.info udp
US 8.8.8.8:53 brnqtaoogutm.info udp
US 8.8.8.8:53 qoisgkqpbv.net udp
US 8.8.8.8:53 oomnhmr.info udp
US 8.8.8.8:53 meyyom.com udp
US 8.8.8.8:53 masuce.org udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 rmmbmxnrsqus.info udp
US 8.8.8.8:53 nbldknpemyy.org udp
US 8.8.8.8:53 pmvnnbid.net udp
US 8.8.8.8:53 vgfeca.net udp
US 8.8.8.8:53 psdnfixkknp.net udp
US 8.8.8.8:53 wzftwstp.net udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 jssewqd.org udp
US 8.8.8.8:53 codsuzkuv.net udp
US 8.8.8.8:53 mofgvjsmri.net udp
US 8.8.8.8:53 pcpupcdcdui.net udp
US 8.8.8.8:53 finenndqxcq.org udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 ayoswemiwq.com udp
US 8.8.8.8:53 ioemkqauge.org udp
US 8.8.8.8:53 grrmba.info udp
US 8.8.8.8:53 zmrdlsopsqx.info udp
US 8.8.8.8:53 hqocfifwnsx.org udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 nwwjkxainu.info udp
US 8.8.8.8:53 xlfnyed.com udp
US 8.8.8.8:53 uiefwgxfpstw.info udp
US 8.8.8.8:53 wbyztvtxpy.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 jpcwlymgl.com udp
US 8.8.8.8:53 psspvnvmmh.info udp
US 8.8.8.8:53 oesukj.net udp
US 8.8.8.8:53 lenibyekxyv.info udp
US 8.8.8.8:53 zmrrcmo.net udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 odjdfs.info udp
US 8.8.8.8:53 hhethf.net udp
US 8.8.8.8:53 zrxobj.net udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 bwaaxjz.net udp
US 8.8.8.8:53 xolodqwajgg.net udp
US 8.8.8.8:53 xyvmqzpiiw.net udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 hynkazgw.info udp
US 8.8.8.8:53 pqfhvw.info udp
US 8.8.8.8:53 jkzxjpbitkv.info udp
US 8.8.8.8:53 zmrkhrdhr.net udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 swyksuoggk.com udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 oavepmbqny.info udp
US 8.8.8.8:53 eenmfxh.net udp
US 8.8.8.8:53 mtnicgfcy.net udp
US 8.8.8.8:53 lnddxkqqk.com udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 dkthqi.info udp
US 8.8.8.8:53 cyrafgu.info udp
US 8.8.8.8:53 iqowyoyy.com udp
US 8.8.8.8:53 nlcgdarufo.net udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 jbqrjtlrbb.net udp
US 8.8.8.8:53 geuyaewauw.org udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 xefehixwaiz.info udp
US 8.8.8.8:53 guxfxajidjh.net udp
US 8.8.8.8:53 ickowuoa.org udp
US 8.8.8.8:53 bdfpzxbas.info udp
US 8.8.8.8:53 gvlliv.net udp
US 8.8.8.8:53 ixborjychow.net udp
US 8.8.8.8:53 lsleirsjrkj.org udp
US 8.8.8.8:53 zzwthbewcr.info udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 uzlpflfpwp.info udp
US 8.8.8.8:53 lxnvtcnccexz.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 aogqwokw.org udp
US 8.8.8.8:53 yvxetzrij.info udp
US 8.8.8.8:53 ogtctherniw.net udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 wyiccisgegue.org udp
US 8.8.8.8:53 xruxba.net udp
US 8.8.8.8:53 qinmtajkftj.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 zmgswk.info udp
US 8.8.8.8:53 kkeuwlkf.info udp
US 8.8.8.8:53 qerhtfr.info udp
US 8.8.8.8:53 dggerxaiqqd.com udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 ixfllp.info udp
US 8.8.8.8:53 gsjwzsxqpgi.net udp
US 8.8.8.8:53 rkdsvd.info udp
US 8.8.8.8:53 zaeildxwdiv.com udp
US 8.8.8.8:53 horrtcljbb.net udp
US 8.8.8.8:53 ojxplpnq.net udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 asviyilov.info udp
US 8.8.8.8:53 ffmichmgdu.info udp
US 8.8.8.8:53 wiisqqceay.org udp
US 8.8.8.8:53 shdbtspqbgr.info udp
US 8.8.8.8:53 zkrwbiv.info udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 geuuuisyke.org udp
US 8.8.8.8:53 jkyutctoy.net udp
US 8.8.8.8:53 aaliqunsnuv.info udp
US 8.8.8.8:53 kuofau.info udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 wsgclqdmktt.info udp
US 8.8.8.8:53 nmxavafeuml.net udp
US 8.8.8.8:53 rgdxvck.org udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 kbbqlplvblxv.info udp
US 8.8.8.8:53 zcdseajxb.com udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 uiamflwkoux.net udp
US 8.8.8.8:53 jgvmlkw.info udp
US 8.8.8.8:53 ygiywk.com udp
US 8.8.8.8:53 fykqlzuq.net udp
US 8.8.8.8:53 iwskkewy.org udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 nwjjzbvlpxvi.info udp
US 8.8.8.8:53 nogbdz.net udp
US 8.8.8.8:53 owwkussqmqoq.org udp
US 8.8.8.8:53 jjxscz.info udp
US 8.8.8.8:53 mgeyqqwq.com udp
US 8.8.8.8:53 uueksa.org udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 rlndnmt.com udp
US 8.8.8.8:53 eewqmwso.com udp
US 8.8.8.8:53 hwuwun.net udp
US 8.8.8.8:53 uclaghnidq.net udp
US 8.8.8.8:53 tvjkyil.org udp
US 8.8.8.8:53 ghpxhyz.net udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 rcijofb.info udp
US 8.8.8.8:53 guxlrcjbznsn.info udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 sgukossswawk.org udp
US 8.8.8.8:53 gkasasosukym.com udp
US 8.8.8.8:53 fdtshsudt.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 fkdgakrwl.com udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 rqtequj.info udp
US 8.8.8.8:53 rjbkxyckv.net udp
US 8.8.8.8:53 pmksdndsj.com udp
US 8.8.8.8:53 goseoc.org udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 qrrwejftnw.info udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 grbizp.info udp
US 8.8.8.8:53 nivynynomdt.info udp
US 8.8.8.8:53 uhdinpb.info udp
US 8.8.8.8:53 amwucibhb.info udp
US 8.8.8.8:53 djvixyu.com udp
US 8.8.8.8:53 aylqdyvpbum.net udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 lylidkt.com udp
US 8.8.8.8:53 cscccawooaic.org udp
US 8.8.8.8:53 sijwoachx.info udp
US 8.8.8.8:53 bbxpzwp.net udp
US 8.8.8.8:53 lejnbusqzga.info udp
US 8.8.8.8:53 xejcfc.info udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 csyhknvi.net udp
US 8.8.8.8:53 jraynomkvlcg.info udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 vxcriivk.info udp
US 8.8.8.8:53 cxtxwl.info udp
US 8.8.8.8:53 fyviyepybmr.net udp
US 8.8.8.8:53 avbojunl.net udp
US 8.8.8.8:53 jjniskc.net udp
US 8.8.8.8:53 qwbgkfeythzf.net udp
US 8.8.8.8:53 rmrkccttr.org udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 fzwtplsssdm.com udp
US 8.8.8.8:53 hqchlldn.info udp
US 8.8.8.8:53 xgkoesnqhqn.info udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 vgrkxrlpjwgo.info udp
US 8.8.8.8:53 ftncaeiyva.net udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 wgqaqskw.org udp
US 8.8.8.8:53 yuweyesskq.com udp
US 8.8.8.8:53 vxdtqmkmgwdh.info udp
US 8.8.8.8:53 vsjzyzrg.net udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 sgkesswq.org udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 xoxqrbj.net udp
US 8.8.8.8:53 rcsvxj.info udp
US 8.8.8.8:53 bzvorxtfjqkp.net udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 yaqqvnety.info udp
US 8.8.8.8:53 eyyesugw.org udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 zmjmatacyf.info udp
US 8.8.8.8:53 mmfmkw.net udp
US 8.8.8.8:53 qqoezbkedkp.info udp
US 8.8.8.8:53 yaiytack.info udp
US 8.8.8.8:53 muksraozppo.net udp
US 8.8.8.8:53 iqcozon.net udp
US 8.8.8.8:53 nhavxzep.net udp
US 8.8.8.8:53 xmbmxpdr.net udp
US 8.8.8.8:53 eookgmscaaeg.org udp
US 8.8.8.8:53 wiuywqgg.com udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 pgtvpr.net udp
US 8.8.8.8:53 rmusvsivha.net udp
US 8.8.8.8:53 axkkoc.info udp
US 8.8.8.8:53 gwpacsye.net udp
US 8.8.8.8:53 zedpcq.net udp
US 8.8.8.8:53 rwlaxbv.net udp
US 8.8.8.8:53 bozwvfn.net udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 eyablupuzch.info udp
US 8.8.8.8:53 cwueekeois.org udp
US 8.8.8.8:53 wmkaqm.org udp
US 8.8.8.8:53 lctlhoi.net udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 tgguni.info udp
US 8.8.8.8:53 ivgdie.info udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 bptupy.info udp
US 8.8.8.8:53 nkopkxjspnfh.net udp
US 8.8.8.8:53 zgccgosrtn.net udp
US 8.8.8.8:53 zxauxupk.net udp
US 8.8.8.8:53 iyoeeqokky.org udp
US 8.8.8.8:53 gydqvilfjoy.net udp
US 8.8.8.8:53 otrncozw.info udp
US 8.8.8.8:53 bwptpjjg.info udp
US 8.8.8.8:53 mcesgigsqwwq.com udp
US 8.8.8.8:53 tuetjrfirc.net udp
US 8.8.8.8:53 esgocwko.org udp
US 8.8.8.8:53 vboajdtwyw.net udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 wjaxrznftgxw.info udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 phsplyh.com udp
US 8.8.8.8:53 cavmmkdbrs.net udp
US 8.8.8.8:53 pdstcckfspiq.info udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 tejoxyynn.com udp
US 8.8.8.8:53 qbglywocregi.info udp
US 8.8.8.8:53 fuprzpzfje.net udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 twynxgrbf.info udp
US 8.8.8.8:53 vwrzptaq.info udp
US 8.8.8.8:53 lcvdlg.net udp
US 8.8.8.8:53 emqykacoge.com udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 tgzhsocqn.com udp
US 8.8.8.8:53 kihglcjvch.net udp
US 8.8.8.8:53 fgtfxntyluvc.net udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 maykjgqsf.info udp
US 8.8.8.8:53 jzxcjxws.info udp
US 8.8.8.8:53 qvhsyenu.net udp
US 8.8.8.8:53 xgyytcrg.net udp
US 8.8.8.8:53 macjhwafvyn.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 yaddnasuqof.info udp
US 8.8.8.8:53 mjlihcz.info udp
US 8.8.8.8:53 fzpqvhpk.info udp
US 8.8.8.8:53 iixqhbp.info udp
US 8.8.8.8:53 zmlmgcfvzshw.info udp
US 8.8.8.8:53 icycog.com udp
US 8.8.8.8:53 lhamhxrlfz.info udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 eooekyeaoiic.org udp
US 8.8.8.8:53 uysgaymgkw.com udp
US 8.8.8.8:53 jxtzpa.info udp
US 8.8.8.8:53 hkpmjgwqdic.com udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 bhrora.net udp
US 8.8.8.8:53 smbtmbl.info udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 qwbwlrdml.info udp
NL 173.194.69.94:80 c.pki.goog tcp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 dpihyq.info udp
US 8.8.8.8:53 ddqoertujn.info udp
US 8.8.8.8:53 crtsqzvwd.info udp
US 8.8.8.8:53 vcmcub.net udp
US 8.8.8.8:53 fpdzcf.net udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 tvfdtr.info udp
US 8.8.8.8:53 imcyia.org udp
US 8.8.8.8:53 uzjqoxvf.net udp
US 8.8.8.8:53 xelcvtl.info udp
US 8.8.8.8:53 jztawui.com udp
US 8.8.8.8:53 ietmkdn.info udp
US 8.8.8.8:53 fwmwwklnc.org udp
US 8.8.8.8:53 dyfudylevgw.info udp
US 8.8.8.8:53 fyqswgqkfmn.info udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 nefsbc.info udp
US 8.8.8.8:53 ambklqlninh.net udp
US 8.8.8.8:53 brjrnydukkdm.net udp
US 8.8.8.8:53 dlwqdsuzjq.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 lidqcsgvp.com udp
US 8.8.8.8:53 kovjvlvg.net udp
US 8.8.8.8:53 cotfeoyazgy.net udp
US 8.8.8.8:53 jypihvpacjx.info udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 vvdonccs.info udp
US 8.8.8.8:53 opzgai.info udp
US 8.8.8.8:53 tlplrswl.info udp
US 8.8.8.8:53 ikchzkaub.info udp
US 8.8.8.8:53 ouffbebjz.info udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 gmyqwwmacyqa.org udp
US 8.8.8.8:53 nktlrqnknxzj.net udp
US 8.8.8.8:53 koemgw.org udp
US 8.8.8.8:53 rjxmklqc.info udp
US 8.8.8.8:53 gsrlwi.info udp
US 8.8.8.8:53 iqbauf.info udp
US 8.8.8.8:53 rkdlbehmv.com udp
US 8.8.8.8:53 bonekamuyej.com udp
US 8.8.8.8:53 sqmaiyyu.org udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 kroura.net udp
US 8.8.8.8:53 coygkk.org udp
US 8.8.8.8:53 pcqffa.net udp
US 8.8.8.8:53 aqmiackiiaqy.com udp
US 8.8.8.8:53 dpuyggmxpk.info udp
US 8.8.8.8:53 isddton.info udp
US 8.8.8.8:53 tgvwszyguklg.net udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 ojwkxuiua.info udp
US 8.8.8.8:53 blwltfvt.net udp
US 8.8.8.8:53 tnyynqhaoaa.com udp
US 8.8.8.8:53 ksncxd.info udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 uhakoizhpwte.net udp
US 8.8.8.8:53 joqpehfe.info udp
US 8.8.8.8:53 laydfipusg.net udp
US 8.8.8.8:53 ssbsnko.info udp
US 8.8.8.8:53 weeygk.com udp
US 8.8.8.8:53 rwppaidivyx.net udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 fceotnkgoniq.info udp
US 8.8.8.8:53 zcqupzl.info udp
US 8.8.8.8:53 eqnycattw.net udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 baskkxppoeil.net udp
US 8.8.8.8:53 jynsrpxj.info udp
US 8.8.8.8:53 ljttka.net udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 wvafxsfexvt.net udp
US 8.8.8.8:53 fkiqjhigrzdu.info udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 smgfcyhqfmve.net udp
US 8.8.8.8:53 ukpdcrdj.net udp
US 8.8.8.8:53 ueakvvvuxsx.info udp
US 8.8.8.8:53 dcfmhcdpb.net udp
US 8.8.8.8:53 oszwkmdswwz.info udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 kwsxtjjukrrp.info udp
US 8.8.8.8:53 rviyqscdbsce.net udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 kohchflwkoc.net udp
US 8.8.8.8:53 pkbwszosdbhx.net udp
US 8.8.8.8:53 tudyxihdnjo.org udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 wmwsga.com udp
US 8.8.8.8:53 korjkotedahq.net udp
US 8.8.8.8:53 wsnkjol.info udp
US 8.8.8.8:53 brmyuwjfzee.net udp
US 8.8.8.8:53 bukrfvzaekj.info udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 eykqvetoj.info udp
US 8.8.8.8:53 sqswqs.com udp
US 8.8.8.8:53 bzewmcp.info udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 uhwrxvzv.info udp
US 8.8.8.8:53 wcewkccckiwo.com udp
US 8.8.8.8:53 luievqbp.info udp
US 8.8.8.8:53 rfghthyyls.net udp
US 8.8.8.8:53 pxzrpot.com udp
US 8.8.8.8:53 nuhmusmaa.org udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 iewglqv.info udp
US 8.8.8.8:53 zknshmx.net udp
US 8.8.8.8:53 yolufav.net udp
US 8.8.8.8:53 dtlvfetidah.org udp
US 8.8.8.8:53 rriopecy.net udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 skkwua.com udp
US 8.8.8.8:53 btbqxvl.com udp
US 8.8.8.8:53 tzlegkwnci.info udp
US 8.8.8.8:53 wzpstuympb.info udp
US 8.8.8.8:53 mciwtbual.net udp
US 8.8.8.8:53 yywgqeygow.com udp
US 8.8.8.8:53 ottszdlij.net udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 wgmtuv.net udp
US 8.8.8.8:53 jsnlpfot.net udp
US 8.8.8.8:53 mkmgqioyqm.org udp
US 8.8.8.8:53 bqwhpxmajcl.org udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 emouiqoeey.com udp
US 8.8.8.8:53 twbevjz.org udp
US 8.8.8.8:53 dwphah.info udp
US 8.8.8.8:53 asritmn.net udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 iegxlvljrlaw.info udp
US 8.8.8.8:53 iqffdnc.info udp
US 8.8.8.8:53 tcyormp.info udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 ordxkqunjg.info udp
US 8.8.8.8:53 pdmrucfubtmk.net udp
US 8.8.8.8:53 kutpkfpmiwxl.net udp
US 8.8.8.8:53 rinuzap.net udp
US 8.8.8.8:53 uhdpwayqes.info udp
US 8.8.8.8:53 nqlhexlkxow.info udp
US 8.8.8.8:53 tslsiavu.net udp
US 8.8.8.8:53 lpndpadg.info udp
US 8.8.8.8:53 bcxkaty.net udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 stvlyiqinr.info udp
US 8.8.8.8:53 yarnfrbn.net udp
US 8.8.8.8:53 gljhtjlp.net udp
US 8.8.8.8:53 iiiskymoj.net udp
US 8.8.8.8:53 ypzyxcsypkt.info udp
US 8.8.8.8:53 soarhafuu.net udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 syeqiq.org udp
US 8.8.8.8:53 iipgzgwsh.net udp
US 8.8.8.8:53 vjxqvtxugih.net udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 kueoahlk.net udp
US 8.8.8.8:53 margpwtq.info udp
US 8.8.8.8:53 ysocgsgeuc.com udp
US 8.8.8.8:53 rgnyiys.com udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 pglcvrbhne.info udp
US 8.8.8.8:53 binvxezmz.net udp
US 8.8.8.8:53 wofotmvkb.info udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 imepfgvon.info udp
US 8.8.8.8:53 botamsdnlkr.com udp
US 8.8.8.8:53 firjwo.net udp
US 8.8.8.8:53 lkxqsszxxip.org udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 akwiimgk.com udp
US 8.8.8.8:53 ilmivzzq.net udp
US 8.8.8.8:53 natwlbridsh.org udp
US 8.8.8.8:53 zopajnqp.info udp
US 8.8.8.8:53 uyhkxx.net udp
US 8.8.8.8:53 nzwabzrtw.info udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 xzxpqlre.info udp
US 8.8.8.8:53 xigrtsbpxw.net udp
US 8.8.8.8:53 roeczknel.org udp
US 8.8.8.8:53 bhconp.net udp
US 8.8.8.8:53 camgkaakcmiu.org udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 ayltbbkrf.info udp
US 8.8.8.8:53 btkxjqz.info udp
US 8.8.8.8:53 fulwrhyiroho.net udp
US 8.8.8.8:53 hjblzfooe.net udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 trberutyvm.net udp
US 8.8.8.8:53 tmhqkdjbtcff.net udp
US 8.8.8.8:53 domooypuz.com udp
US 8.8.8.8:53 sansykrfmqzw.info udp
US 8.8.8.8:53 uxeobyn.info udp
US 8.8.8.8:53 ttfkfsu.net udp
US 8.8.8.8:53 mykime.com udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 wmdcwguyz.info udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 kccuicwq.com udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 pzsrnn.info udp
US 8.8.8.8:53 ffivja.net udp
US 8.8.8.8:53 vxdbtoe.com udp
US 8.8.8.8:53 dbnovrbyjdgl.info udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 pilczxhqv.com udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 qqldcbxk.info udp
US 8.8.8.8:53 muxpauf.net udp
US 8.8.8.8:53 uhfvhw.net udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 hvtnfmsct.com udp
US 8.8.8.8:53 ctnxecvoc.net udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 jesklrzdhksy.net udp
US 8.8.8.8:53 viwyrwydb.org udp
US 8.8.8.8:53 qgpjhqbuj.net udp
US 8.8.8.8:53 navsuyi.com udp
US 8.8.8.8:53 tcjitvsoa.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 uxlattngpbu.net udp
US 8.8.8.8:53 ousceyks.com udp
US 8.8.8.8:53 whrckcrakab.net udp
US 8.8.8.8:53 qaoolcphz.net udp
US 8.8.8.8:53 vxwtigtq.net udp
US 8.8.8.8:53 xhihxjejaj.net udp
US 8.8.8.8:53 jupcjjpuvahh.info udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 maewqgqcqugm.com udp
US 8.8.8.8:53 xcegnadkpjew.net udp
US 8.8.8.8:53 dxrtgb.info udp
US 8.8.8.8:53 hkbcdwlfi.net udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 vgbgvfhiuce.com udp
US 8.8.8.8:53 hsgammbenkn.org udp
US 8.8.8.8:53 wsgmmg.com udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 hemzisncitgg.info udp
US 8.8.8.8:53 exhinvnh.net udp
US 8.8.8.8:53 pvhmrdpwiagn.info udp
US 8.8.8.8:53 rrscifnk.info udp
US 8.8.8.8:53 kaeqku.org udp
US 8.8.8.8:53 ewnknknvgwd.net udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 oeztro.net udp
US 8.8.8.8:53 xduorrxy.net udp
US 8.8.8.8:53 iicmuwes.com udp
US 8.8.8.8:53 gurqlmacz.net udp
US 8.8.8.8:53 undkjax.info udp
US 8.8.8.8:53 hudmbsowa.com udp
US 8.8.8.8:53 yoiyqciiiy.org udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 yszyerhod.info udp
US 8.8.8.8:53 xjvavx.info udp
US 8.8.8.8:53 oyfajuxj.net udp
US 8.8.8.8:53 dyninvpkm.org udp
US 8.8.8.8:53 iezzcskzjbde.net udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 iuewoi.org udp
US 8.8.8.8:53 pijpnex.com udp
US 8.8.8.8:53 apbnnengni.net udp
US 8.8.8.8:53 bykewefql.org udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 guoasgeikiyg.org udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 xhfuhgdouxvx.net udp
US 8.8.8.8:53 qrwxqshfjeue.net udp
US 8.8.8.8:53 aaoqkaiy.com udp
US 8.8.8.8:53 rsqrjw.net udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 kmkemysw.org udp
US 8.8.8.8:53 nblldf.info udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 uzfcdkjkx.net udp
US 8.8.8.8:53 uqenlwgfp.net udp
US 8.8.8.8:53 vmtkgndcoij.com udp
US 8.8.8.8:53 jldmbun.net udp
US 8.8.8.8:53 qhjwksvdgs.info udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 njbnpa.info udp
US 8.8.8.8:53 bglajz.info udp
US 8.8.8.8:53 ioaimg.org udp
US 8.8.8.8:53 zwhdhqx.org udp
US 8.8.8.8:53 wkrosta.net udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 wmnddkp.net udp
US 8.8.8.8:53 soewsekawuem.com udp
US 8.8.8.8:53 cqfmvkoojgd.net udp
US 8.8.8.8:53 palasv.info udp
US 8.8.8.8:53 wphisjpv.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 ansspknyumi.net udp
US 8.8.8.8:53 beoegcz.info udp
US 8.8.8.8:53 wolzxwlpxx.info udp
US 8.8.8.8:53 balgcofy.net udp
US 8.8.8.8:53 tmezjobct.org udp
US 8.8.8.8:53 wkiqqeouum.org udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 mkmkeoiqsykw.com udp
US 8.8.8.8:53 ccquddl.info udp
US 8.8.8.8:53 wibmxwn.info udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 qgfttnzahij.info udp
US 8.8.8.8:53 eaymbwj.net udp
US 8.8.8.8:53 rgnxfmvgd.info udp
US 8.8.8.8:53 wuhyfaucb.net udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 dkmfamjfgx.info udp
US 8.8.8.8:53 fctanjqmbgc.info udp
US 8.8.8.8:53 kpmwibye.info udp
US 8.8.8.8:53 cmfqzymmfch.info udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 wgmgokauce.com udp
US 8.8.8.8:53 lnzclwbjfq.net udp
US 8.8.8.8:53 prjruclfruku.net udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 hhqgdzboa.net udp
US 8.8.8.8:53 dqvhzeat.info udp
US 8.8.8.8:53 xosgcktbd.info udp
US 8.8.8.8:53 pzdwoonvvfbp.net udp
US 8.8.8.8:53 vtsbenkw.info udp
US 8.8.8.8:53 gjxescawxqw.info udp
US 8.8.8.8:53 vzbmtxrzh.info udp
US 8.8.8.8:53 ujbpgjsgnyv.info udp
US 8.8.8.8:53 agihjvfb.info udp
US 8.8.8.8:53 efhrnkvox.info udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 rwjmmif.info udp
US 8.8.8.8:53 etfgbo.info udp
US 8.8.8.8:53 cgzgyvrun.net udp
US 8.8.8.8:53 oogiyy.com udp
US 8.8.8.8:53 vswwruu.net udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 mxucunzfzgza.info udp
US 8.8.8.8:53 uahwdirqu.info udp
US 8.8.8.8:53 qikqywoe.org udp
US 8.8.8.8:53 tuzjpo.info udp
US 8.8.8.8:53 ppnhptg.com udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 qqjqiaiep.net udp
US 8.8.8.8:53 zmlmgarac.net udp
US 8.8.8.8:53 rwmwxyv.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 rfrzsqxkupvo.net udp
US 8.8.8.8:53 ttkfqpjt.info udp
US 8.8.8.8:53 vqjepwwif.info udp
US 8.8.8.8:53 lehwccq.info udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 pvzyfdpvfe.net udp
US 8.8.8.8:53 bhdqdgncxez.info udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 kiuhrunjk.net udp
US 8.8.8.8:53 csggwiguge.com udp
US 8.8.8.8:53 icjjnapiwig.info udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 frxfhtgdobca.net udp
US 8.8.8.8:53 usschmuipyz.net udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 kwpsjbsvfn.net udp
US 8.8.8.8:53 eddvngsohq.info udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 vsxusclwir.net udp
US 8.8.8.8:53 qlnolyg.info udp
US 8.8.8.8:53 xtsjtmd.net udp
US 8.8.8.8:53 kvffsp.net udp
US 8.8.8.8:53 jkmgksvtsaso.info udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 kwvxwiszjpg.info udp
US 8.8.8.8:53 xqeyxezeu.net udp
US 8.8.8.8:53 lxxgnxzjxgxp.net udp
US 8.8.8.8:53 nynkhmdzht.net udp
US 8.8.8.8:53 fotsjsxhnx.net udp
US 8.8.8.8:53 sgddbeosr.net udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 xhqxlk.info udp
US 8.8.8.8:53 gsomaaeqgq.com udp
US 8.8.8.8:53 tscmqnrxg.com udp
US 8.8.8.8:53 imvoinru.info udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 vbdkvycpez.net udp
US 8.8.8.8:53 bmzewcxjfyx.info udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 ywtmnolvro.net udp
US 8.8.8.8:53 edfbhfytln.info udp
US 8.8.8.8:53 ywqmrhaam.net udp
US 8.8.8.8:53 kifitewsjcc.info udp
US 8.8.8.8:53 mgcgoaswyy.org udp
US 8.8.8.8:53 xwlqnarzft.info udp
US 8.8.8.8:53 eyyajcrhdsq.net udp
US 8.8.8.8:53 izvlohst.info udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 bnhcdu.info udp
US 8.8.8.8:53 cygaiqgycgoq.com udp
US 8.8.8.8:53 mslmihzvxrj.info udp
US 8.8.8.8:53 dejrfxt.net udp
US 8.8.8.8:53 poblan.net udp
US 8.8.8.8:53 ysluevg.info udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 gswohknttkx.info udp
US 8.8.8.8:53 wpzeootuwodd.net udp
US 8.8.8.8:53 kmqueiygqs.com udp
US 8.8.8.8:53 yoqkyoqo.org udp
US 8.8.8.8:53 opvorebwt.net udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 uegsgk.org udp
US 8.8.8.8:53 iabmuja.net udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 nrouxpzztl.info udp
US 8.8.8.8:53 zadcbb.net udp
US 8.8.8.8:53 zwrxkr.net udp
US 8.8.8.8:53 unwullggiowq.info udp
US 8.8.8.8:53 dblznwzpr.com udp
US 8.8.8.8:53 slngzwn.net udp
US 8.8.8.8:53 wxrucvnzmycc.net udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 rkxphsltr.net udp
US 8.8.8.8:53 gwawkgseekgy.com udp
US 8.8.8.8:53 bilylqaa.info udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 bgfxmdrk.info udp
US 8.8.8.8:53 quwhjoarj.net udp
US 8.8.8.8:53 ngtmjnmzbzt.com udp
US 8.8.8.8:53 sxkmet.info udp
US 8.8.8.8:53 nonxhpwroilc.info udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 qzxlixzicrd.info udp
US 8.8.8.8:53 icoyyaqq.org udp
US 8.8.8.8:53 xpcqhz.info udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 mohsdyohd.net udp
US 8.8.8.8:53 bmjjtwjzxin.org udp
US 8.8.8.8:53 pwbmdjteznk.com udp
US 8.8.8.8:53 tfjwdvdluefv.net udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 ninzswyvtmnl.net udp
US 8.8.8.8:53 jofkruowj.info udp
US 8.8.8.8:53 zwpaxq.net udp
US 8.8.8.8:53 iyeefig.net udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 vgzbrsdgrl.net udp
US 8.8.8.8:53 ccmmywai.org udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 ccgiwekeyk.org udp
US 8.8.8.8:53 nulwzmjoakzl.info udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 vgduhpdmjfj.info udp
US 8.8.8.8:53 nrmqiuh.info udp
US 8.8.8.8:53 zorxtqbyj.org udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 bgzjqppcveqr.net udp
US 8.8.8.8:53 usdynbp.info udp
US 8.8.8.8:53 sooweykoqy.com udp
US 8.8.8.8:53 kwikuewm.com udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 tpmrnoirsf.info udp
US 8.8.8.8:53 vgyevumg.net udp
US 8.8.8.8:53 innqnfbtph.net udp
US 8.8.8.8:53 xgnzzvyuboe.info udp
US 8.8.8.8:53 koasmvogmvdm.net udp
US 8.8.8.8:53 rolqtyt.net udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 nfkhmzdogdsd.net udp
US 8.8.8.8:53 mqgqauei.com udp
US 8.8.8.8:53 hwevtzzy.info udp
US 8.8.8.8:53 vkgsyl.net udp
US 8.8.8.8:53 nurkuvdos.com udp
US 8.8.8.8:53 nvnlak.info udp
US 8.8.8.8:53 aacwya.org udp
US 8.8.8.8:53 bouwherme.org udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 qttkblkfke.info udp
US 8.8.8.8:53 afrdkeo.info udp
US 8.8.8.8:53 vcmidt.info udp
US 8.8.8.8:53 pbspki.info udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 vctsvef.net udp
US 8.8.8.8:53 ophcrahvpomc.info udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 msvasbw.net udp
US 8.8.8.8:53 puoynmrex.org udp
US 8.8.8.8:53 tcvcmabapws.info udp
US 8.8.8.8:53 lqdhzrzrogn.com udp
US 8.8.8.8:53 kowsga.org udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 degqyjhuxzxb.info udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 eszyfoacnid.info udp
US 8.8.8.8:53 lsxmmcn.info udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 rhxcxga.org udp
US 8.8.8.8:53 tgwmbskvgwfs.info udp
US 8.8.8.8:53 hevjicthbe.info udp
US 8.8.8.8:53 evtheupo.net udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 lvfcxsxd.info udp
US 8.8.8.8:53 qucokuqiicsa.org udp
US 8.8.8.8:53 dagatyg.org udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 icrhumtu.net udp
US 8.8.8.8:53 xwxrlgpzenmh.info udp

Files

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

MD5 6a9d9e8e21c1acf667db6dc652cb9e06
SHA1 31431bf2aa33d5fb478c3f3964a0c9b439b00ce9
SHA256 255b26f10bc4aaad3c059b37bc3c852d79131863eb5bfd2cb9936957175568ab
SHA512 ba8845166ae6751673c6c3949be51caca9bcd49d995c893abd66249debc8bc2397dbc6629d4d220a89b3ec234749f2909e92ea87f0a40bed0daf7f61e55d25a9

C:\Windows\SysWOW64\qctpkdrifroctbsthh.exe

MD5 bddd16d20828ab7fce7d46416ccf084f
SHA1 87067755449ba7bc2cbbf04edae0a03b60e0c91a
SHA256 57c85e0a2c34c0e1e6a434194422f6c3a1fd44d66bc1848803fa0421b621fdd7
SHA512 350ab8929b2a3bdc27fe8465fb5cd3f28885898fd09a91e884efcd6bfde777b5ed26e1dca9de2fc89ed79efdb276f5713b1c08a0a5b88c8809238e035bd6b425

C:\Users\Admin\AppData\Local\Temp\dcgpx.exe

MD5 cdf9639a9cce32e9a70fa8045f50cf21
SHA1 1f69fc8bff66168ec4852a31b0c7697e1c48d3ed
SHA256 b3bc57ad3c928b00ae679090e460880b994b855f7e15e932d0adba07bcb99aab
SHA512 0bb8e435292eaa2e2b0f681bdb7859a517e95697288aa23d666a00596fffb67c61e93d94de110e31c5952171ddb85f733a18650fdf62ff395959495e8ff94a2f

C:\Users\Admin\AppData\Local\syjzobjulriqbdojrlagrhwjrctzqyjlwr.tio

MD5 bf56b0b4bd2c44a5ae2828df57876ecc
SHA1 8fe5f3931de07dcbc133bf4be14ec97e824da973
SHA256 16e2d1dc670c5ff465872d8925b2015b4edf14755987d7d179fed8dc7a74c8bb
SHA512 4fe42cce8a3915d45a2491777f7c98696f506fe13e5673cef52c3655d6975e6ef5594b944e1d1832eca5ce34b034f32e8ddea6d94fc96e5916c54789670b4e95

C:\Users\Admin\AppData\Local\faafjliiojpmmddnktxssxb.aag

MD5 570c856cfe349cc4990396137a88f1ea
SHA1 94ac385515c21dc043eb6f89e44bab854a54a240
SHA256 b7cdafd638b576ec7078566c0d58c12eac64fd926071d2a08a17c036829e6a55
SHA512 c6030e244ff7ea37b28908a6ec4f7520e230f1ef397bf23994bda40d87f6a1adc4d17677495565f1a9b84b17ab0f8ef09462eb9496949afc3b97332afd0d233b

C:\Program Files (x86)\faafjliiojpmmddnktxssxb.aag

MD5 04be6650be2cc269568272b71fdc5a18
SHA1 1288527aa229ca30ecc5abe75452642c73c46283
SHA256 359609f440246730084d01ef69248af508633668bed4ab47ab33f14423a14c8c
SHA512 a621f1f5eff40c8e362f7879832f32e5429855f114e06dbcf299139e9befbf572cffdae38bf37b1337ee8c9792d91ce58732294002bc8d57df19bfbb67961617

C:\Program Files (x86)\faafjliiojpmmddnktxssxb.aag

MD5 7d90fb22a85f35afd0dad83709035e36
SHA1 eb3e354ba614ad6e43b6d8fe27b2f65c3b0b28ac
SHA256 c230cf04ea5e322d22011dd2af24f69a6a37081b0ff8c1f7608d81c7b2b8d644
SHA512 78cac2d379374d700d4e9046e2008ef69ebbd5d2d45003045ccf02dc64ca365246a66d5dc3a842049d3fe25ba3ac3ce8e00a4bf278082a6bf0ac0cc00e9b41e0

C:\Program Files (x86)\faafjliiojpmmddnktxssxb.aag

MD5 f53413012199cc3a9394b166c37e6f64
SHA1 d4638918a47572eec2ae2f824cc8df47a2763558
SHA256 e844b942ff0bc71ef1139da8583868ec457267c50d8282ab13919d8f5c37eb93
SHA512 cab19afb38a5c2f23796284c0a62730f9a1082b0e80eb737ee27a4d32c7a2d6729d654b8742182e565f07540c6d30b80f5ccd54a8ffb30decc3906709d04b202

C:\Users\Admin\AppData\Local\faafjliiojpmmddnktxssxb.aag

MD5 62162393d2bbf3f58c4fa217a826ed96
SHA1 d03fdde180d40828266cdb85df4417e420a3f181
SHA256 8f3d72d0d3a1a7b63dbeddceb2c7561014b8d7d9184f84b29f2e3d63a34d35ec
SHA512 e2a535bab6e5530ca7f8602f7c7a7cac4b244f137830ae8abe5901737a3365fbb85f1ff54277e1c53a6b367e5ba553dfb2cd5f2e01ab0272a86c1c4727bb5888

C:\Program Files (x86)\faafjliiojpmmddnktxssxb.aag

MD5 db156864643c2b0ca345efbe8cf187ec
SHA1 9e59368fff55a1cfc42d6196bfecc83776451599
SHA256 c064bf121ce7412a6be4ea6a8f4d50bdc4541f4ef20b6ba1efaf0af5040fd3a7
SHA512 ced700dcdee50a073461e4f6839cbe26a64ce4ab1e300447217c583ce476100bba487adbb0e8478a345e48b68cde3cd68b646d2da42832418225759f96842608

C:\Program Files (x86)\faafjliiojpmmddnktxssxb.aag

MD5 eb642888409f145c8091610b837ab5a1
SHA1 1b204d9713269f4d815b937b0f27357974c34407
SHA256 d648b7ed84e7adab73c27a6786201c929e2f23cf9c34a2df357804203c82ca07
SHA512 214dd4275bd2b380ef8f5683bdc6d33afa26b23e391f45da2427ebf59fe0b9fd89b1dc18f9cf1386b9da3dff8730e4281d7bf50ec5275d7e306f272da266b4a3

C:\Program Files (x86)\faafjliiojpmmddnktxssxb.aag

MD5 d4d15dd520ada014376988e86634c01b
SHA1 3db78153a3b8e9edd844720d1ab972d8f92c41ea
SHA256 3415b1b696aec957a7ef0e62a82e8848bc188ac06e098b269f859aaa66ef3257
SHA512 6654b89eb8bfa2fed5d65d3c0b3479542d2186dab1c94399f5554d032d584afc076bdba3953a80c59edb5f49ea7a406f733b8ccd948c91806aa3c2dd15e4dcf8

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-18 11:32

Reported

2025-04-18 11:35

Platform

win11-20250410-en

Max time kernel

53s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "itkbtkxskxgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "blbriykevhpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itkbtkxskxgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "pdxrmgwupfrqlvisyvlz.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cpibvodaujusmvhqvrg.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "cpibvodaujusmvhqvrg.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "cpibvodaujusmvhqvrg.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "blbriykevhpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "cpibvodaujusmvhqvrg.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "blbriykevhpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itkbtkxskxgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "rdvngymibpzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "pdxrmgwupfrqlvisyvlz.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rdvngymibpzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "blbriykevhpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cpibvodaujusmvhqvrg.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "pdxrmgwupfrqlvisyvlz.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "pdxrmgwupfrqlvisyvlz.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itkbtkxskxgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "itkbtkxskxgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "itkbtkxskxgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itkbtkxskxgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "itkbtkxskxgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "itkbtkxskxgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rdvngymibpzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "rdvngymibpzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\etojfarqmdqqmxlwdbshc.exe N/A
N/A N/A C:\Windows\blbriykevhpkbhqw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\pdxrmgwupfrqlvisyvlz.exe N/A
N/A N/A C:\Windows\rdvngymibpzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
N/A N/A C:\Windows\etojfarqmdqqmxlwdbshc.exe N/A
N/A N/A C:\Windows\cpibvodaujusmvhqvrg.exe N/A
N/A N/A C:\Windows\rdvngymibpzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\rdvngymibpzwpxiqup.exe N/A
N/A N/A C:\Windows\rdvngymibpzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\rdvngymibpzwpxiqup.exe N/A
N/A N/A C:\Windows\pdxrmgwupfrqlvisyvlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\itkbtkxskxgcublsv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\etojfarqmdqqmxlwdbshc.exe N/A
N/A N/A C:\Windows\blbriykevhpkbhqw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\itkbtkxskxgcublsv.exe N/A
N/A N/A C:\Windows\etojfarqmdqqmxlwdbshc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\itkbtkxskxgcublsv.exe N/A
N/A N/A C:\Windows\pdxrmgwupfrqlvisyvlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\itkbtkxskxgcublsv.exe N/A
N/A N/A C:\Windows\pdxrmgwupfrqlvisyvlz.exe N/A
N/A N/A C:\Windows\cpibvodaujusmvhqvrg.exe N/A
N/A N/A C:\Windows\pdxrmgwupfrqlvisyvlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe N/A
N/A N/A C:\Windows\rdvngymibpzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\etojfarqmdqqmxlwdbshc.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\edint.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "pdxrmgwupfrqlvisyvlz.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rdvngymibpzwpxiqup = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rdvngymibpzwpxiqup = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itkbtkxskxgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rdvngymibpzwpxiqup = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "etojfarqmdqqmxlwdbshc.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\wfujzozsitaukpx = "itkbtkxskxgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe ." C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itkbtkxskxgcublsv.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe ." C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rdvngymibpzwpxiqup = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe ." C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "blbriykevhpkbhqw.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rdvngymibpzwpxiqup = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "rdvngymibpzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "rdvngymibpzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "etojfarqmdqqmxlwdbshc.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\wfujzozsitaukpx = "etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rdvngymibpzwpxiqup.exe ." C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "blbriykevhpkbhqw.exe ." C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "blbriykevhpkbhqw.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe ." C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "cpibvodaujusmvhqvrg.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "itkbtkxskxgcublsv.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "itkbtkxskxgcublsv.exe ." C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "pdxrmgwupfrqlvisyvlz.exe ." C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rdvngymibpzwpxiqup.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "blbriykevhpkbhqw.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rdvngymibpzwpxiqup.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\wfujzozsitaukpx = "pdxrmgwupfrqlvisyvlz.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "itkbtkxskxgcublsv.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\wfujzozsitaukpx = "itkbtkxskxgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cpibvodaujusmvhqvrg.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe ." C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "rdvngymibpzwpxiqup.exe ." C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe ." C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "etojfarqmdqqmxlwdbshc.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\wfujzozsitaukpx = "rdvngymibpzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cpibvodaujusmvhqvrg.exe ." C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "rdvngymibpzwpxiqup.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cpibvodaujusmvhqvrg.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rdvngymibpzwpxiqup = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rdvngymibpzwpxiqup.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "pdxrmgwupfrqlvisyvlz.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cpibvodaujusmvhqvrg.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "pdxrmgwupfrqlvisyvlz.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rdvngymibpzwpxiqup.exe ." C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rdvngymibpzwpxiqup = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cpibvodaujusmvhqvrg.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "pdxrmgwupfrqlvisyvlz.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "cpibvodaujusmvhqvrg.exe" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File created F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File created C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\edint.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\itkbtkxskxgcublsv.exe C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\Windows\SysWOW64\vtxbgkksxxtchbysippnrvaeem.rnw C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\itkbtkxskxgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\itkbtkxskxgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\itkbtkxskxgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\Windows\SysWOW64\wfujzozsitaukpxcdvgpetjyjcsdkeuzhmnfq.odt C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\itkbtkxskxgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\itkbtkxskxgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File created C:\Windows\SysWOW64\wfujzozsitaukpxcdvgpetjyjcsdkeuzhmnfq.odt C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File created C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\Program Files (x86)\wfujzozsitaukpxcdvgpetjyjcsdkeuzhmnfq.odt C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File created C:\Program Files (x86)\wfujzozsitaukpxcdvgpetjyjcsdkeuzhmnfq.odt C:\Users\Admin\AppData\Local\Temp\edint.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\vlhdawooldrspbqckjbrnj.exe C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\Windows\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\itkbtkxskxgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\itkbtkxskxgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\itkbtkxskxgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\vlhdawooldrspbqckjbrnj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File created C:\Windows\wfujzozsitaukpxcdvgpetjyjcsdkeuzhmnfq.odt C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\Windows\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\vlhdawooldrspbqckjbrnj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\vlhdawooldrspbqckjbrnj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\itkbtkxskxgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\itkbtkxskxgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\itkbtkxskxgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\Windows\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\Windows\vlhdawooldrspbqckjbrnj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\wfujzozsitaukpxcdvgpetjyjcsdkeuzhmnfq.odt C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\Windows\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\itkbtkxskxgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\etojfarqmdqqmxlwdbshc.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\Windows\vlhdawooldrspbqckjbrnj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\cpibvodaujusmvhqvrg.exe C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\Windows\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
File opened for modification C:\Windows\pdxrmgwupfrqlvisyvlz.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etojfarqmdqqmxlwdbshc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rdvngymibpzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\itkbtkxskxgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cpibvodaujusmvhqvrg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\blbriykevhpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cpibvodaujusmvhqvrg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\blbriykevhpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rdvngymibpzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\blbriykevhpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\blbriykevhpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\blbriykevhpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pdxrmgwupfrqlvisyvlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\blbriykevhpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etojfarqmdqqmxlwdbshc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rdvngymibpzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\itkbtkxskxgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cpibvodaujusmvhqvrg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pdxrmgwupfrqlvisyvlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\itkbtkxskxgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pdxrmgwupfrqlvisyvlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rdvngymibpzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\blbriykevhpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cpibvodaujusmvhqvrg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pdxrmgwupfrqlvisyvlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\itkbtkxskxgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etojfarqmdqqmxlwdbshc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\blbriykevhpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etojfarqmdqqmxlwdbshc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etojfarqmdqqmxlwdbshc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\itkbtkxskxgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etojfarqmdqqmxlwdbshc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pdxrmgwupfrqlvisyvlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pdxrmgwupfrqlvisyvlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etojfarqmdqqmxlwdbshc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\edint.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4504 wrote to memory of 3144 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 4504 wrote to memory of 3144 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 4504 wrote to memory of 3144 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 1496 wrote to memory of 1960 N/A C:\Windows\system32\cmd.exe C:\Windows\etojfarqmdqqmxlwdbshc.exe
PID 1496 wrote to memory of 1960 N/A C:\Windows\system32\cmd.exe C:\Windows\etojfarqmdqqmxlwdbshc.exe
PID 1496 wrote to memory of 1960 N/A C:\Windows\system32\cmd.exe C:\Windows\etojfarqmdqqmxlwdbshc.exe
PID 5432 wrote to memory of 5772 N/A C:\Windows\system32\cmd.exe C:\Windows\blbriykevhpkbhqw.exe
PID 5432 wrote to memory of 5772 N/A C:\Windows\system32\cmd.exe C:\Windows\blbriykevhpkbhqw.exe
PID 5432 wrote to memory of 5772 N/A C:\Windows\system32\cmd.exe C:\Windows\blbriykevhpkbhqw.exe
PID 5772 wrote to memory of 5392 N/A C:\Windows\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 5772 wrote to memory of 5392 N/A C:\Windows\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 5772 wrote to memory of 5392 N/A C:\Windows\blbriykevhpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 4928 wrote to memory of 4408 N/A C:\Windows\system32\cmd.exe C:\Windows\pdxrmgwupfrqlvisyvlz.exe
PID 4928 wrote to memory of 4408 N/A C:\Windows\system32\cmd.exe C:\Windows\pdxrmgwupfrqlvisyvlz.exe
PID 4928 wrote to memory of 4408 N/A C:\Windows\system32\cmd.exe C:\Windows\pdxrmgwupfrqlvisyvlz.exe
PID 5012 wrote to memory of 2268 N/A C:\Windows\system32\cmd.exe C:\Windows\rdvngymibpzwpxiqup.exe
PID 5012 wrote to memory of 2268 N/A C:\Windows\system32\cmd.exe C:\Windows\rdvngymibpzwpxiqup.exe
PID 5012 wrote to memory of 2268 N/A C:\Windows\system32\cmd.exe C:\Windows\rdvngymibpzwpxiqup.exe
PID 2268 wrote to memory of 5396 N/A C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 2268 wrote to memory of 5396 N/A C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 2268 wrote to memory of 5396 N/A C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 4592 wrote to memory of 5076 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
PID 4592 wrote to memory of 5076 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
PID 4592 wrote to memory of 5076 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
PID 4960 wrote to memory of 4196 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
PID 4960 wrote to memory of 4196 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
PID 4960 wrote to memory of 4196 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
PID 4196 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 4196 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 4196 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 5156 wrote to memory of 5228 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
PID 5156 wrote to memory of 5228 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
PID 5156 wrote to memory of 5228 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
PID 6060 wrote to memory of 2020 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
PID 6060 wrote to memory of 2020 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
PID 6060 wrote to memory of 2020 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
PID 2020 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 2020 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 2020 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 3144 wrote to memory of 5924 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\edint.exe
PID 3144 wrote to memory of 5924 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\edint.exe
PID 3144 wrote to memory of 5924 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\edint.exe
PID 3144 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\edint.exe
PID 3144 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\edint.exe
PID 3144 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\edint.exe
PID 2252 wrote to memory of 3548 N/A C:\Windows\system32\cmd.exe C:\Windows\pdxrmgwupfrqlvisyvlz.exe
PID 2252 wrote to memory of 3548 N/A C:\Windows\system32\cmd.exe C:\Windows\pdxrmgwupfrqlvisyvlz.exe
PID 2252 wrote to memory of 3548 N/A C:\Windows\system32\cmd.exe C:\Windows\pdxrmgwupfrqlvisyvlz.exe
PID 3608 wrote to memory of 3908 N/A C:\Windows\system32\cmd.exe C:\Windows\cpibvodaujusmvhqvrg.exe
PID 3608 wrote to memory of 3908 N/A C:\Windows\system32\cmd.exe C:\Windows\cpibvodaujusmvhqvrg.exe
PID 3608 wrote to memory of 3908 N/A C:\Windows\system32\cmd.exe C:\Windows\cpibvodaujusmvhqvrg.exe
PID 5296 wrote to memory of 240 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 5296 wrote to memory of 240 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 5296 wrote to memory of 240 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 240 wrote to memory of 3300 N/A C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 240 wrote to memory of 3300 N/A C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 240 wrote to memory of 3300 N/A C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 2132 wrote to memory of 4588 N/A C:\Windows\system32\cmd.exe C:\Windows\rdvngymibpzwpxiqup.exe
PID 2132 wrote to memory of 4588 N/A C:\Windows\system32\cmd.exe C:\Windows\rdvngymibpzwpxiqup.exe
PID 2132 wrote to memory of 4588 N/A C:\Windows\system32\cmd.exe C:\Windows\rdvngymibpzwpxiqup.exe
PID 5976 wrote to memory of 2524 N/A C:\Windows\system32\cmd.exe C:\Windows\rdvngymibpzwpxiqup.exe
PID 5976 wrote to memory of 2524 N/A C:\Windows\system32\cmd.exe C:\Windows\rdvngymibpzwpxiqup.exe
PID 5976 wrote to memory of 2524 N/A C:\Windows\system32\cmd.exe C:\Windows\rdvngymibpzwpxiqup.exe
PID 4588 wrote to memory of 5524 N/A C:\Windows\rdvngymibpzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\edint.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe"

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bddd16d20828ab7fce7d46416ccf084f.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Users\Admin\AppData\Local\Temp\edint.exe

"C:\Users\Admin\AppData\Local\Temp\edint.exe" "-C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe"

C:\Users\Admin\AppData\Local\Temp\edint.exe

"C:\Users\Admin\AppData\Local\Temp\edint.exe" "-C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Windows\itkbtkxskxgcublsv.exe

itkbtkxskxgcublsv.exe

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\etojfarqmdqqmxlwdbshc.exe

etojfarqmdqqmxlwdbshc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .

C:\Windows\cpibvodaujusmvhqvrg.exe

cpibvodaujusmvhqvrg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe

C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .

C:\Windows\blbriykevhpkbhqw.exe

blbriykevhpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."

C:\Windows\pdxrmgwupfrqlvisyvlz.exe

pdxrmgwupfrqlvisyvlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .

C:\Windows\rdvngymibpzwpxiqup.exe

rdvngymibpzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
GB 2.22.69.9:80 www.ebay.com tcp
GB 77.97.178.13:26660 tcp
DE 85.214.228.140:80 gyuuym.org tcp
SG 18.142.91.111:80 unxfuild.info tcp
US 104.156.155.94:80 cydlrge.info tcp
GB 77.97.178.13:26660 tcp
US 8.8.8.8:53 ywknbghwrub.net udp
US 8.8.8.8:53 vtthja.info udp
US 8.8.8.8:53 oxzyoq.net udp
US 8.8.8.8:53 rgsbheaqho.info udp
US 8.8.8.8:53 uarpowz.info udp
US 8.8.8.8:53 sdcvgoblzxxm.net udp
US 8.8.8.8:53 egweogyowg.com udp
US 8.8.8.8:53 aquwqqxaf.info udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 fprlkmzadb.net udp
US 8.8.8.8:53 cbpajgdfn.info udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 klbadqyytudg.info udp
US 8.8.8.8:53 wcxqvtz.info udp
US 8.8.8.8:53 hmbsncnqqcz.info udp
US 8.8.8.8:53 zuibyy.net udp
US 8.8.8.8:53 bmzjxo.info udp
US 8.8.8.8:53 ukvggkhzpmq.info udp
US 8.8.8.8:53 hpiupsmrnd.net udp
US 8.8.8.8:53 ufmzekownatj.info udp
US 8.8.8.8:53 cumfbuiopyi.net udp
US 8.8.8.8:53 hmbncf.net udp
US 8.8.8.8:53 ltdjxdvcbf.info udp
US 8.8.8.8:53 kgqsoysu.com udp
US 8.8.8.8:53 szzgzkj.info udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 aqmiackiiaqy.com udp
US 8.8.8.8:53 yrfwmjuz.net udp
US 8.8.8.8:53 akagqeoqcu.org udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 gljhtjlp.net udp
US 8.8.8.8:53 yuhitygcmyr.net udp
US 8.8.8.8:53 kwxgjeyij.info udp
US 8.8.8.8:53 iaaufrlxlxh.net udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 akyyfyjnvgc.info udp
US 8.8.8.8:53 znngdy.net udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 qjkonbhumkh.net udp
US 8.8.8.8:53 kgpsnaek.net udp
US 8.8.8.8:53 juqeglswf.info udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 bnwsvo.net udp
US 8.8.8.8:53 gokexxn.info udp
US 8.8.8.8:53 yshkavzsr.info udp
US 8.8.8.8:53 tdouhoqebj.net udp
US 8.8.8.8:53 iojdyvbbzc.info udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 oytcbebyvyd.info udp
US 8.8.8.8:53 ohbgqidf.net udp
US 8.8.8.8:53 pduybwejr.net udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 jqlifzlf.net udp
US 8.8.8.8:53 tfgffg.net udp
US 8.8.8.8:53 iuewoi.org udp
US 8.8.8.8:53 pijpnex.com udp
US 8.8.8.8:53 qksywsgucooy.com udp
US 8.8.8.8:53 eeyiyqkaue.com udp
US 8.8.8.8:53 jhvpzccfefzw.info udp
US 8.8.8.8:53 dffcct.info udp
US 8.8.8.8:53 acoucsaammui.com udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 lslgvgzowrv.info udp
US 8.8.8.8:53 pmujjrpzr.org udp
US 8.8.8.8:53 dhosgzoi.info udp
US 8.8.8.8:53 qktupgzkz.net udp
US 8.8.8.8:53 ajifwfkhlzpp.info udp
US 8.8.8.8:53 sreyxkcefuu.info udp
US 8.8.8.8:53 qskuiymg.com udp
US 8.8.8.8:53 bcbmluskz.org udp
US 8.8.8.8:53 vhiblllqqola.net udp
US 8.8.8.8:53 coiokkcwwmmy.com udp
US 8.8.8.8:53 shlozyf.net udp
US 8.8.8.8:53 vghfvlrnau.net udp
US 8.8.8.8:53 mqgggocgiieg.com udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 iukkns.info udp
US 8.8.8.8:53 gmmovvrpxh.net udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 trujbyhikp.info udp
US 8.8.8.8:53 vuleibjrjt.net udp
US 8.8.8.8:53 gsjszsxqk.info udp
US 8.8.8.8:53 ermrcunkrfea.net udp
US 8.8.8.8:53 sgvfqegygpfh.info udp
US 8.8.8.8:53 kagivguvon.net udp
US 8.8.8.8:53 palasv.info udp
US 8.8.8.8:53 uyfajuckoyd.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 ccquddl.info udp
US 8.8.8.8:53 hrgyviddjz.net udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 okjnriz.info udp
US 8.8.8.8:53 faexnijllwx.org udp
US 8.8.8.8:53 jcukdqyc.net udp
US 8.8.8.8:53 jhmglfbqh.net udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 ewivjxreigup.net udp
US 8.8.8.8:53 gllygzmbvc.info udp
US 8.8.8.8:53 ahgnuwynvr.net udp

Files

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

MD5 bd2d128ca0ff7786e44ca4e2f3807b06
SHA1 b073e74c3fb687f4b5a9838ee8b2e5b9856abec5
SHA256 2cecd4903a4f423e289e6b60361c7fe38ec58566ea0cabcc26c55af8c6e5488f
SHA512 7c54a498207d077ea9921b427bd2640a645df15f86025d3f2cecac62f045bae6317c74dc65f690ff8788e71066c3ed98dc8fc527805dfa7d8b73400327449618

C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe

MD5 bddd16d20828ab7fce7d46416ccf084f
SHA1 87067755449ba7bc2cbbf04edae0a03b60e0c91a
SHA256 57c85e0a2c34c0e1e6a434194422f6c3a1fd44d66bc1848803fa0421b621fdd7
SHA512 350ab8929b2a3bdc27fe8465fb5cd3f28885898fd09a91e884efcd6bfde777b5ed26e1dca9de2fc89ed79efdb276f5713b1c08a0a5b88c8809238e035bd6b425

C:\Users\Admin\AppData\Local\Temp\edint.exe

MD5 a62131c4f1ec9cb0677f57def1879c4e
SHA1 52d71559d7c7f28fbda16c694fc4d9016800e0ab
SHA256 71347cf9787f6aeb914e567e740fa7047b822c64d11cb2fa84fa4b7e29146dd8
SHA512 112d94ac8db88ff5581a923f537eea17fee7e89de1c7d8852ec949a31215ffdbc15d8f84fcb6c2bfed3ac5bb1f4234c10b8334db480c10e1c1a4090b75d9a8b6

C:\Users\Admin\AppData\Local\vtxbgkksxxtchbysippnrvaeem.rnw

MD5 762fa5784e2c8f4e7928d8edb0c1600c
SHA1 c3441baff5b1215cc74d4c7527f0dd5ea98ede2e
SHA256 06b5446c8fc67a72dc5241b3fce97fb5fb7bca070a7d7f4a3af384b77b7f3769
SHA512 ac738e47f91f52ed50018bf6eb7ecdb5e02f131e90c3199a4791014c8f0926330ee285437ec20ce4e039846a721d0b7f1e3bdbb6d52b75c3b37d7c4ab3af5022

C:\Users\Admin\AppData\Local\wfujzozsitaukpxcdvgpetjyjcsdkeuzhmnfq.odt

MD5 a638735c91a4776699f6855c69bdee08
SHA1 a10ac65b0191ef43f5c6d418638c597f8cb99713
SHA256 42d53c783de385ad5bf10f7ad714070e51c191e3ebefed99bd133f8b6b87d7d5
SHA512 259887f454f14e0c670dd7f9658120a9dead6276da94b1d024707b085200b30373019fd0e554a601bdb6077c1e39e1f06ddbb8589a96105faa26eb5b27104694

C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw

MD5 ca4b90353a1f71410a302452bc53a160
SHA1 045aa2583e8a4b14e3b7225b52ab6b2939b66bf7
SHA256 00e244bd6d7df4225da45ef0b869f93afbd44864719c30ada57c7fca563cf8bf
SHA512 1804693ee3c1dc1b21cd7c17d86e247ef6f16d7a49d0955d05223f7de3f9e7028906ead75b965191e7771bf98b9c6bebe4ae11dd4344ab50d446120d8aeaa524

C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw

MD5 aaa9e48b6d59fc4c4db1852e2f8daa6f
SHA1 27bbce7738a25a3fe25a4553d77361b4f342e089
SHA256 c779455434f44aba3b468bcc320ef623958fc954e7acf248b170a06d738e29fa
SHA512 b9db53c8baa1f98c7bf9767385fd6baf2452b2271b106daec8fc99fe9d6b04af8e188694b747cd03b12dc1c47c66abe3f1bfcfc67b382d56d966d94d74db80e5

C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw

MD5 bf144dd97ff07b067e1dc4716b67c362
SHA1 0ba7ab843cbcb67c126f116c58e60fc5e5970e03
SHA256 dc02adbf0f233068d8c4e1f435d5438f33943cb01385115be9dfea1b7a5638dd
SHA512 80e2e0fc665b33a7a6ce8376f31a5ef20653021c0752030e2d2b5f9e0ca1dd871fd35d08f2f5ec3e6e8a940334a9a99e95ab34769c3f2909f0de93f24dd2fd1c

C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw

MD5 27337e187bcd08f0f5d31526834ad920
SHA1 fa187b2aea718f4245ac5e3bbf2cef74605304e2
SHA256 7f8a7f8cc4fb9e9163251f97c4546ec13372628b1a90f1f8e77fd8f7786e0b50
SHA512 78db6a91e75eb07fe3d62d8dcbce54ab3d82062b7da07ff4accb99a1866330fdcf7dca260ebb0cf19431b1b0a669e8500e2ea92d83ce6d6954232a8d5df3f6a7

C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw

MD5 18ee136afb4ed5721dd831ba6de934e4
SHA1 2d7d745015b3d6289720e169cf512aa3668a41b3
SHA256 40dddb047b4abc0520c2e07c450a7f03d3f2c3fc3b3079c6fc40f3ca3d2c0362
SHA512 6f6202821c8b60452948c554ddaa5734da0040cb87e55633da0299cd8095169e2423c8a6773308f03b53cf26fa24dd4a022784e1d163924efaefc062dde30f21

C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw

MD5 6432ffb24e491818ad88e2fb30a5d47e
SHA1 37a40521e7823c24a0d61d7021faecfdcb11eac4
SHA256 2be68cab25447386bfb95b306d52aaa3a18c128a8507b417836100c1f1f9051e
SHA512 7b3b3505025b17cbf9f770b0185a86065297ab0faf10d27b39966595ec22105e1b3d06c1b2e5a0e6805109b5c84dc364ea118289909b243a0ce191ebdce625bc

C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw

MD5 af6375a5a0243137af2aba533160f358
SHA1 74ee4f612113ffff8633ed5cef6b5af94f4b5de9
SHA256 cea2669fa43bf8bd1a98ebe80fd00721c541d6a5bfd69ad4fd9834ca0195f3e1
SHA512 3aaeaabcb2b89e24e22f236d7e98ee38675d459a7f0b9a50b34544b41c2f012573aab9d5dd0aafd3f3c7892c8d21706d991b5514fa6617ef1ff8cdc5729c558b