Malware Analysis Report

2025-08-10 16:35

Sample ID 250419-bwfjvssqy5
Target JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36
SHA256 32173afb83cbc7c35e4b7c70ca3bdfb64155ce5da72d0fc359c4a0cd2096d7c8
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

32173afb83cbc7c35e4b7c70ca3bdfb64155ce5da72d0fc359c4a0cd2096d7c8

Threat Level: Known bad

The file JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

UAC bypass

Modifies WinLogon for persistence

Pykspa

Pykspa family

Detect Pykspa worm

Adds policy Run key to start application

Disables RegEdit via registry modification

Impair Defenses: Safe Mode Boot

Executes dropped EXE

Checks computer location settings

Looks up external IP address via web service

Checks whether UAC is enabled

Hijack Execution Flow: Executable Installer File Permissions Weakness

Adds Run key to start application

Drops file in System32 directory

Drops autorun.inf file

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

System policy modification

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-19 01:29

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-19 01:29

Reported

2025-04-19 01:31

Platform

win10v2004-20250314-en

Max time kernel

43s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "rjstguqkxqubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "ezlpfwvsielvcumzcnsnz.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "cvfhvkhcqkpxcsitudg.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "bryxiuogrikprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "ezlpfwvsielvcumzcnsnz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rjstguqkxqubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "cvfhvkhcqkpxcsitudg.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "rjstguqkxqubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "rjstguqkxqubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "ezlpfwvsielvcumzcnsnz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "cvfhvkhcqkpxcsitudg.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mouano = "ykaqnyldtjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "bryxiuogrikprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lkn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fsjaykyrizbhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "rjstguqkxqubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "cvfhvkhcqkpxcsitudg.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "bryxiuogrikprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\bryxiuogrikprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\bryxiuogrikprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\izhhtgbugybhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\rjstguqkxqubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\izhhtgbugybhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\rjstguqkxqubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\izhhtgbugybhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\bryxiuogrikprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\bryxiuogrikprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\bryxiuogrikprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\izhhtgbugybhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\izhhtgbugybhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\rjstguqkxqubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\izhhtgbugybhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\bryxiuogrikprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\izhhtgbugybhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\izhhtgbugybhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\izhhtgbugybhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\izhhtgbugybhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\izhhtgbugybhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A
N/A N/A C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Windows\bryxiuogrikprerz.exe N/A
N/A N/A C:\Windows\rjstguqkxqubfujttb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
N/A N/A C:\Windows\bryxiuogrikprerz.exe N/A
N/A N/A C:\Windows\bryxiuogrikprerz.exe N/A
N/A N/A C:\Windows\izhhtgbugybhkymvu.exe N/A
N/A N/A C:\Windows\izhhtgbugybhkymvu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Windows\bryxiuogrikprerz.exe N/A
N/A N/A C:\Windows\bryxiuogrikprerz.exe N/A
N/A N/A C:\Windows\bryxiuogrikprerz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
N/A N/A C:\Windows\bryxiuogrikprerz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe N/A
N/A N/A C:\Windows\izhhtgbugybhkymvu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
N/A N/A C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
N/A N/A C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A
N/A N/A C:\Windows\izhhtgbugybhkymvu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Windows\ezlpfwvsielvcumzcnsnz.exe N/A
N/A N/A C:\Windows\ezlpfwvsielvcumzcnsnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Windows\izhhtgbugybhkymvu.exe N/A
N/A N/A C:\Windows\rjstguqkxqubfujttb.exe N/A
N/A N/A C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A
N/A N/A C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe N/A
N/A N/A C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "cvfhvkhcqkpxcsitudg.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlrpzkdueuvzamy = "izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe ." C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "bryxiuogrikprerz.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe ." C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "pjuxmcawlgmvbsjvxhlf.exe ." C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe ." C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rjstguqkxqubfujttb.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "ezlpfwvsielvcumzcnsnz.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "pjuxmcawlgmvbsjvxhlf.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "cvfhvkhcqkpxcsitudg.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "rjstguqkxqubfujttb.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "ezlpfwvsielvcumzcnsnz.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "bryxiuogrikprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sswa = "ykaqnyldtjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bchmy = "ykaqnyldtjkprerz.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sswa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsnikaspkflvcumzcnpgb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bchmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fsjaykyrizbhkymvu.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "izhhtgbugybhkymvu.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlrpzkdueuvzamy = "izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "rjstguqkxqubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "pjuxmcawlgmvbsjvxhlf.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "cvfhvkhcqkpxcsitudg.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlrpzkdueuvzamy = "izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlrpzkdueuvzamy = "ezlpfwvsielvcumzcnsnz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "izhhtgbugybhkymvu.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "pjuxmcawlgmvbsjvxhlf.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rjstguqkxqubfujttb.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "izhhtgbugybhkymvu.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "izhhtgbugybhkymvu.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rjstguqkxqubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "pjuxmcawlgmvbsjvxhlf.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe ." C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "pjuxmcawlgmvbsjvxhlf.exe" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "izhhtgbugybhkymvu.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rjstguqkxqubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "izhhtgbugybhkymvu.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "cvfhvkhcqkpxcsitudg.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "ezlpfwvsielvcumzcnsnz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "ezlpfwvsielvcumzcnsnz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "bryxiuogrikprerz.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlrpzkdueuvzamy = "izhhtgbugybhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.showmyipaddress.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File opened for modification C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File opened for modification C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File opened for modification C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File opened for modification C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File opened for modification C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File opened for modification C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File opened for modification C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File opened for modification C:\Windows\SysWOW64\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File opened for modification C:\Windows\SysWOW64\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\sfjfnwnckyxzyisxsvsfjfnwnckyxzyisxs.sfj C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File created C:\Program Files (x86)\sfjfnwnckyxzyisxsvsfjfnwnckyxzyisxs.sfj C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File opened for modification C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File created C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File opened for modification C:\Windows\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\pjuxmcawlgmvbsjvxhlf.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\pjuxmcawlgmvbsjvxhlf.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\pjuxmcawlgmvbsjvxhlf.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\pjuxmcawlgmvbsjvxhlf.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\pjuxmcawlgmvbsjvxhlf.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File opened for modification C:\Windows\pjuxmcawlgmvbsjvxhlf.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File opened for modification C:\Windows\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File created C:\Windows\sfjfnwnckyxzyisxsvsfjfnwnckyxzyisxs.sfj C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File opened for modification C:\Windows\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ezlpfwvsielvcumzcnsnz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\pjuxmcawlgmvbsjvxhlf.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
File opened for modification C:\Windows\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bryxiuogrikprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\vrejassqhemxfyrfjvbxkp.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bryxiuogrikprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rjstguqkxqubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bryxiuogrikprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ezlpfwvsielvcumzcnsnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\izhhtgbugybhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\izhhtgbugybhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\izhhtgbugybhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\izhhtgbugybhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\izhhtgbugybhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bryxiuogrikprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bryxiuogrikprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\izhhtgbugybhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rjstguqkxqubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\izhhtgbugybhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\izhhtgbugybhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ezlpfwvsielvcumzcnsnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bryxiuogrikprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ykaqnyldtjkprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mcwqrgxtnhmvbsjvxhiy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\izhhtgbugybhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rjstguqkxqubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cvfhvkhcqkpxcsitudg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bryxiuogrikprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rjstguqkxqubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjuxmcawlgmvbsjvxhlf.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 708 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 708 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 708 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 2264 wrote to memory of 2656 N/A C:\Windows\system32\cmd.exe C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
PID 2264 wrote to memory of 2656 N/A C:\Windows\system32\cmd.exe C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
PID 2264 wrote to memory of 2656 N/A C:\Windows\system32\cmd.exe C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
PID 2300 wrote to memory of 1200 N/A C:\Windows\system32\cmd.exe C:\Windows\cvfhvkhcqkpxcsitudg.exe
PID 2300 wrote to memory of 1200 N/A C:\Windows\system32\cmd.exe C:\Windows\cvfhvkhcqkpxcsitudg.exe
PID 2300 wrote to memory of 1200 N/A C:\Windows\system32\cmd.exe C:\Windows\cvfhvkhcqkpxcsitudg.exe
PID 1200 wrote to memory of 3084 N/A C:\Windows\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 1200 wrote to memory of 3084 N/A C:\Windows\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 1200 wrote to memory of 3084 N/A C:\Windows\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 4892 wrote to memory of 2544 N/A C:\Windows\system32\cmd.exe C:\Windows\bryxiuogrikprerz.exe
PID 4892 wrote to memory of 2544 N/A C:\Windows\system32\cmd.exe C:\Windows\bryxiuogrikprerz.exe
PID 4892 wrote to memory of 2544 N/A C:\Windows\system32\cmd.exe C:\Windows\bryxiuogrikprerz.exe
PID 4352 wrote to memory of 3524 N/A C:\Windows\system32\cmd.exe C:\Windows\rjstguqkxqubfujttb.exe
PID 4352 wrote to memory of 3524 N/A C:\Windows\system32\cmd.exe C:\Windows\rjstguqkxqubfujttb.exe
PID 4352 wrote to memory of 3524 N/A C:\Windows\system32\cmd.exe C:\Windows\rjstguqkxqubfujttb.exe
PID 1452 wrote to memory of 4580 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
PID 1452 wrote to memory of 4580 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
PID 1452 wrote to memory of 4580 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
PID 3524 wrote to memory of 2296 N/A C:\Windows\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 3524 wrote to memory of 2296 N/A C:\Windows\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 3524 wrote to memory of 2296 N/A C:\Windows\rjstguqkxqubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 3068 wrote to memory of 4836 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
PID 3068 wrote to memory of 4836 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
PID 3068 wrote to memory of 4836 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
PID 3260 wrote to memory of 1604 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3260 wrote to memory of 1604 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3260 wrote to memory of 1604 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 4836 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe C:\Windows\system32\cmd.exe
PID 4836 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe C:\Windows\system32\cmd.exe
PID 4836 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe C:\Windows\system32\cmd.exe
PID 3240 wrote to memory of 2180 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
PID 3240 wrote to memory of 2180 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
PID 3240 wrote to memory of 2180 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
PID 2180 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
PID 2180 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
PID 2180 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
PID 4456 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe
PID 4456 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe
PID 4456 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe
PID 4456 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe
PID 4456 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe
PID 4456 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe
PID 1060 wrote to memory of 3644 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 1060 wrote to memory of 3644 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 1060 wrote to memory of 3644 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 1228 wrote to memory of 2008 N/A C:\Windows\system32\cmd.exe C:\Windows\bryxiuogrikprerz.exe
PID 1228 wrote to memory of 2008 N/A C:\Windows\system32\cmd.exe C:\Windows\bryxiuogrikprerz.exe
PID 1228 wrote to memory of 2008 N/A C:\Windows\system32\cmd.exe C:\Windows\bryxiuogrikprerz.exe
PID 952 wrote to memory of 2780 N/A C:\Windows\system32\cmd.exe C:\Windows\izhhtgbugybhkymvu.exe
PID 952 wrote to memory of 2780 N/A C:\Windows\system32\cmd.exe C:\Windows\izhhtgbugybhkymvu.exe
PID 952 wrote to memory of 2780 N/A C:\Windows\system32\cmd.exe C:\Windows\izhhtgbugybhkymvu.exe
PID 376 wrote to memory of 4388 N/A C:\Windows\system32\cmd.exe C:\Windows\izhhtgbugybhkymvu.exe
PID 376 wrote to memory of 4388 N/A C:\Windows\system32\cmd.exe C:\Windows\izhhtgbugybhkymvu.exe
PID 376 wrote to memory of 4388 N/A C:\Windows\system32\cmd.exe C:\Windows\izhhtgbugybhkymvu.exe
PID 2780 wrote to memory of 1332 N/A C:\Windows\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 2780 wrote to memory of 1332 N/A C:\Windows\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 2780 wrote to memory of 1332 N/A C:\Windows\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 4388 wrote to memory of 2984 N/A C:\Windows\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 4388 wrote to memory of 2984 N/A C:\Windows\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 4388 wrote to memory of 2984 N/A C:\Windows\izhhtgbugybhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 4384 wrote to memory of 2824 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe"

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe

"C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe"

C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe

"C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe .

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\System32\sihclient.exe

C:\Windows\System32\sihclient.exe /cv ogDARiFHyk6iucDK/+KuLw.0.2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ykaqnyldtjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ykaqnyldtjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe

C:\Windows\ykaqnyldtjkprerz.exe

ykaqnyldtjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ykaqnyldtjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fsjaykyrizbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcwqrgxtnhmvbsjvxhiy.exe .

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe .

C:\Windows\ykaqnyldtjkprerz.exe

ykaqnyldtjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fsjaykyrizbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe

C:\Windows\ykaqnyldtjkprerz.exe

ykaqnyldtjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\mcwqrgxtnhmvbsjvxhiy.exe

C:\Users\Admin\AppData\Local\Temp\mcwqrgxtnhmvbsjvxhiy.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ykaqnyldtjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe

C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe

C:\Windows\fsjaykyrizbhkymvu.exe

fsjaykyrizbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mcwqrgxtnhmvbsjvxhiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\fsjaykyrizbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fsjaykyrizbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fsjaykyrizbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe

C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fsjaykyrizbhkymvu.exe*."

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ykaqnyldtjkprerz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Windows\ykaqnyldtjkprerz.exe

ykaqnyldtjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcwqrgxtnhmvbsjvxhiy.exe .

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Windows\mcwqrgxtnhmvbsjvxhiy.exe

mcwqrgxtnhmvbsjvxhiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fsjaykyrizbhkymvu.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fsjaykyrizbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mcwqrgxtnhmvbsjvxhiy.exe*."

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Windows\fsjaykyrizbhkymvu.exe

fsjaykyrizbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zohaaoezslpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Windows\fsjaykyrizbhkymvu.exe

fsjaykyrizbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\zohaaoezslpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\zohaaoezslpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe

C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fsjaykyrizbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocumlynhzrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fsjaykyrizbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bsnikaspkflvcumzcnpgb.exe*."

C:\Users\Admin\AppData\Local\Temp\ocumlynhzrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ocumlynhzrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\fsjaykyrizbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fsjaykyrizbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fsjaykyrizbhkymvu.exe*."

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ocumlynhzrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\ocumlynhzrubfujttb.exe

ocumlynhzrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ykaqnyldtjkprerz.exe .

C:\Windows\ykaqnyldtjkprerz.exe

ykaqnyldtjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fsjaykyrizbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ykaqnyldtjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcwqrgxtnhmvbsjvxhiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Windows\fsjaykyrizbhkymvu.exe

fsjaykyrizbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcwqrgxtnhmvbsjvxhiy.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\mcwqrgxtnhmvbsjvxhiy.exe

mcwqrgxtnhmvbsjvxhiy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe .

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mcwqrgxtnhmvbsjvxhiy.exe*."

C:\Users\Admin\AppData\Local\Temp\mcwqrgxtnhmvbsjvxhiy.exe

C:\Users\Admin\AppData\Local\Temp\mcwqrgxtnhmvbsjvxhiy.exe

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe

C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ykaqnyldtjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bsnikaspkflvcumzcnpgb.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zohaaoezslpxcsitudd.exe .

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\ykaqnyldtjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ykaqnyldtjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."

C:\Users\Admin\AppData\Local\Temp\zohaaoezslpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\zohaaoezslpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\zohaaoezslpxcsitudd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe .

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .

C:\Windows\bryxiuogrikprerz.exe

bryxiuogrikprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .

C:\Windows\izhhtgbugybhkymvu.exe

izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."

C:\Windows\pjuxmcawlgmvbsjvxhlf.exe

pjuxmcawlgmvbsjvxhlf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsnikaspkflvcumzcnpgb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\bsnikaspkflvcumzcnpgb.exe

bsnikaspkflvcumzcnpgb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zohaaoezslpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .

C:\Windows\zohaaoezslpxcsitudd.exe

zohaaoezslpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fsjaykyrizbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mcwqrgxtnhmvbsjvxhiy.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\zohaaoezslpxcsitudd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe

C:\Windows\fsjaykyrizbhkymvu.exe

fsjaykyrizbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe .

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe

C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\mcwqrgxtnhmvbsjvxhiy.exe

mcwqrgxtnhmvbsjvxhiy.exe .

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe

C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe

C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe

C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe .

C:\Users\Admin\AppData\Local\Temp\bchmy.exe

"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocumlynhzrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mcwqrgxtnhmvbsjvxhiy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ykaqnyldtjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bsnikaspkflvcumzcnpgb.exe*."

C:\Users\Admin\AppData\Local\Temp\ocumlynhzrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ocumlynhzrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ykaqnyldtjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ykaqnyldtjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ykaqnyldtjkprerz.exe*."

C:\Windows\rjstguqkxqubfujttb.exe

rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."

C:\Windows\cvfhvkhcqkpxcsitudg.exe

cvfhvkhcqkpxcsitudg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Windows\ezlpfwvsielvcumzcnsnz.exe

ezlpfwvsielvcumzcnsnz.exe .

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe

C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.153.106:80 www.google.com tcp
PK 111.119.182.129:20999 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 gezilruan.info udp
US 8.8.8.8:53 tzkrgzbaqyqb.net udp
US 8.8.8.8:53 wiuwoqigxph.info udp
US 8.8.8.8:53 qjfeewn.net udp
US 8.8.8.8:53 mwmioa.com udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 hgdudkmwvoh.com udp
US 8.8.8.8:53 fglgbncjzlfv.net udp
US 8.8.8.8:53 prhcbxd.info udp
US 8.8.8.8:53 ammaaeoocsqe.com udp
US 8.8.8.8:53 xhrqfgxijgny.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 pzcflxlczncg.net udp
US 8.8.8.8:53 uofyzxwmx.info udp
US 8.8.8.8:53 eingrbthhuw.net udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 mqmgae.com udp
US 8.8.8.8:53 gaugiwgmqe.org udp
US 8.8.8.8:53 fzxahifjjjun.info udp
US 8.8.8.8:53 tqbuzqk.info udp
US 8.8.8.8:53 sugqymkwciae.com udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 byoayol.org udp
US 8.8.8.8:53 fwdadwtxtus.net udp
US 8.8.8.8:53 apwgdrsb.net udp
US 8.8.8.8:53 cydlrge.info udp
PK 111.119.182.129:20999 tcp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 bxjqgl.net udp
US 8.8.8.8:53 lwfhmtvlom.info udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 cmqabihkwaks.info udp
US 8.8.8.8:53 udbdssd.info udp
US 8.8.8.8:53 uptpawjgneb.info udp
US 8.8.8.8:53 pculnj.net udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 twyclmv.net udp
US 8.8.8.8:53 advhuipqvwu.net udp
US 8.8.8.8:53 dbtgfe.net udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 xaiglmt.org udp
US 8.8.8.8:53 bbmklqhzt.info udp
US 8.8.8.8:53 lghgwdnk.info udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 bmatywsvx.info udp
US 8.8.8.8:53 ervwppicsgel.info udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 zgrqfakgjmv.com udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 elxagbsk.info udp
US 8.8.8.8:53 omqimk.org udp
US 8.8.8.8:53 ixkxtvhsee.net udp
US 8.8.8.8:53 yggkzcn.net udp
US 8.8.8.8:53 iydwktnakyd.info udp
US 8.8.8.8:53 umjmnapsm.info udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 rlwyyd.net udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 cwcgko.org udp
US 8.8.8.8:53 ffnantivtu.info udp
US 8.8.8.8:53 fgbwzms.net udp
US 8.8.8.8:53 qkfytit.net udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 ysexfcl.net udp
US 8.8.8.8:53 rvkbzkzvkwcs.info udp
US 8.8.8.8:53 hgcpxxzcy.com udp
US 8.8.8.8:53 sszorzmaeop.info udp
US 8.8.8.8:53 mczwpvliurhq.info udp
US 8.8.8.8:53 wduvwu.net udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 fjwixik.net udp
US 8.8.8.8:53 hhkspqqmpkw.net udp
US 8.8.8.8:53 ioqwsome.com udp
US 8.8.8.8:53 lefepfv.net udp
US 8.8.8.8:53 nylqpyenzgq.net udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 wigekm.info udp
US 8.8.8.8:53 ggkaos.com udp
HK 154.55.240.162:80 ggkaos.com tcp
US 8.8.8.8:53 seakegaegwyg.org udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 qwuxjckfzunp.info udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 jijkzuzfbad.info udp
US 8.8.8.8:53 cgmmykoyci.com udp
US 8.8.8.8:53 iemyslh.info udp
US 8.8.8.8:53 evesvcvtwgvf.info udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 hyrxsqgu.net udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 qjjcdw.net udp
US 8.8.8.8:53 vuvmrrr.org udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 ixrrfmbyfeh.net udp
US 8.8.8.8:53 lseknecf.info udp
US 8.8.8.8:53 ggikac.com udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 qdpfzdmj.net udp
US 8.8.8.8:53 tgtwxtd.info udp
US 8.8.8.8:53 hnszbg.net udp
US 8.8.8.8:53 xqrgnyv.info udp
US 8.8.8.8:53 sslzhpje.info udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 wndjdwxwzizb.info udp
US 8.8.8.8:53 xtkriynws.org udp
US 8.8.8.8:53 qrmrual.net udp
US 8.8.8.8:53 ukewhvfgd.net udp
US 8.8.8.8:53 vsapftmbij.net udp
US 8.8.8.8:53 vghbfakgnul.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 gmcezfbubud.net udp
US 8.8.8.8:53 eqpfjmjukvpf.info udp
US 8.8.8.8:53 kcxggxhtzsp.net udp
US 8.8.8.8:53 mceeyu.org udp
US 8.8.8.8:53 komrpwn.info udp
US 8.8.8.8:53 wijnimdqa.info udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 blzinqdir.info udp
US 8.8.8.8:53 duqwjywkzy.info udp
US 8.8.8.8:53 eigqmcqw.com udp
US 8.8.8.8:53 fmpwkjdxr.org udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 ycfpmuf.info udp
US 8.8.8.8:53 bkrlju.net udp
US 8.8.8.8:53 yvxhpqrocgd.info udp
US 8.8.8.8:53 uermwaqsf.net udp
US 8.8.8.8:53 usnhfrxobqd.net udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 cyqauwmysiaq.com udp
US 8.8.8.8:53 avvunhqql.info udp
US 8.8.8.8:53 kldezwzafu.info udp
US 8.8.8.8:53 lyjirhvsmi.info udp
US 8.8.8.8:53 hjhaoirovt.net udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 dczargardm.info udp
US 8.8.8.8:53 lgvenryzfgw.net udp
US 8.8.8.8:53 fmjtxizivzl.com udp
US 8.8.8.8:53 lgeqmir.info udp
US 8.8.8.8:53 kwdabfp.info udp
US 8.8.8.8:53 hrxmgbbb.net udp
US 8.8.8.8:53 cicffhwh.net udp
US 8.8.8.8:53 xuhglgned.net udp
US 8.8.8.8:53 hgsitoou.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 tkvwsiasl.org udp
US 8.8.8.8:53 gqdsdutqtau.net udp
US 8.8.8.8:53 lyvdjht.net udp
US 8.8.8.8:53 dgtlhn.net udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 qftfrynjot.info udp
US 8.8.8.8:53 rzqtyav.org udp
US 8.8.8.8:53 habbbyhsh.net udp
US 8.8.8.8:53 fcfoluvewin.net udp
US 8.8.8.8:53 oqnbjk.net udp
US 8.8.8.8:53 aqeswiqacceo.org udp
US 8.8.8.8:53 vnuozwbsjlm.org udp
US 8.8.8.8:53 brcvvxrk.info udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 sfjslmzgjw.info udp
US 8.8.8.8:53 xnhmir.net udp
US 8.8.8.8:53 quoiwacieg.org udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 ssjaaen.info udp
US 8.8.8.8:53 rxzlgw.net udp
US 8.8.8.8:53 uwqsemsw.org udp
US 8.8.8.8:53 ygfmwds.net udp
US 8.8.8.8:53 pnbhkmtyfuhc.net udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 mwjjjkr.info udp
US 8.8.8.8:53 aguybfer.info udp
US 8.8.8.8:53 fpqmrw.net udp
US 8.8.8.8:53 crxwpkvkyky.info udp
US 8.8.8.8:53 dzouyuhonqv.info udp
US 8.8.8.8:53 thheunbhpfs.net udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 libwnuish.info udp
US 8.8.8.8:53 dsesapolwhpi.info udp
US 8.8.8.8:53 kikicksgee.com udp
US 8.8.8.8:53 dcvwzeq.net udp
US 8.8.8.8:53 weeapwhkcoj.net udp
US 8.8.8.8:53 kcjrmqr.net udp
US 8.8.8.8:53 ygyosi.com udp
US 8.8.8.8:53 ewalcbqcb.net udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 gmkujclom.net udp
US 8.8.8.8:53 lsyrbotevzv.net udp
US 8.8.8.8:53 sggihrtfkz.info udp
US 8.8.8.8:53 fgeoavdax.org udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 rlvzphhb.info udp
US 8.8.8.8:53 lxpioknbpwd.net udp
US 8.8.8.8:53 kkarxica.info udp
US 8.8.8.8:53 ppvhoanjxi.net udp
US 8.8.8.8:53 sieucoaoic.com udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 yarktka.info udp
US 8.8.8.8:53 erhgstoe.info udp
US 8.8.8.8:53 ufwnwmgk.info udp
US 8.8.8.8:53 yowoulfwf.info udp
US 8.8.8.8:53 lcletonwphj.org udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 xybdjtiwb.net udp
US 8.8.8.8:53 zvqgojbsai.info udp
US 8.8.8.8:53 pzcmjojg.net udp
US 8.8.8.8:53 tnnqbkvencp.net udp
US 8.8.8.8:53 sqpvbjxrkgz.net udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 hprnhl.info udp
US 8.8.8.8:53 lztpenqhnwkg.net udp
US 8.8.8.8:53 jadugmvm.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 pkdvhoyzymmd.net udp
US 8.8.8.8:53 lpatwnha.info udp
US 8.8.8.8:53 mcuqkofkn.info udp
US 8.8.8.8:53 cytmfnknnwju.net udp
US 8.8.8.8:53 xupgdwphb.info udp
US 8.8.8.8:53 csjspdnltuc.info udp
US 8.8.8.8:53 vjdupm.info udp
US 8.8.8.8:53 fejezmfca.info udp
US 8.8.8.8:53 gtydpvyc.info udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 ypwffgaxhgh.info udp
US 8.8.8.8:53 jesshhdgmnv.info udp
US 8.8.8.8:53 oqwibky.info udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 dqgebsy.net udp
US 8.8.8.8:53 ccgcqa.com udp
US 8.8.8.8:53 waoiiq.com udp
US 8.8.8.8:53 npjodndloc.net udp
US 8.8.8.8:53 smcaumee.org udp
US 8.8.8.8:53 iwqyke.com udp
US 8.8.8.8:53 zztnma.net udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 jhymuev.info udp
US 8.8.8.8:53 ilbfddq.net udp
US 8.8.8.8:53 puvudevt.info udp
US 8.8.8.8:53 oqwueg.org udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 iwukakwq.org udp
US 8.8.8.8:53 nmrcdt.net udp
US 8.8.8.8:53 ekjevpjxdbcy.net udp
US 8.8.8.8:53 zwpsxlio.net udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 jppkoltwgtkp.info udp
US 8.8.8.8:53 mqjmrgpxl.info udp
US 8.8.8.8:53 xnjyzr.net udp
US 8.8.8.8:53 lxisqc.info udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 xuhotihxr.com udp
US 8.8.8.8:53 wbdbyo.net udp
US 8.8.8.8:53 bzvehadyqmj.info udp
US 8.8.8.8:53 einmbit.info udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 aidpfsd.net udp
US 8.8.8.8:53 zogdvtbgiyf.info udp
US 8.8.8.8:53 yfcqlqba.net udp
US 8.8.8.8:53 iebdoeijlfl.info udp
US 8.8.8.8:53 nswmozsb.info udp
US 8.8.8.8:53 qeiepkj.info udp
US 8.8.8.8:53 yqmhlybghlx.info udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 bqndbcv.info udp
US 8.8.8.8:53 bndcdasknd.net udp
US 8.8.8.8:53 gwfrvohjfqne.info udp
US 8.8.8.8:53 kkysmaswcico.org udp
US 8.8.8.8:53 cgdadfe.info udp
US 8.8.8.8:53 tojjshjotp.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 conmiwronawo.info udp
US 8.8.8.8:53 avqszqthgo.net udp
US 8.8.8.8:53 swbnkicabyv.info udp
US 8.8.8.8:53 odsuti.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 juvkvyv.net udp
US 8.8.8.8:53 xfjqgkperkb.org udp
US 8.8.8.8:53 mmhupsztbkj.info udp
US 8.8.8.8:53 ymrmbefus.net udp
US 8.8.8.8:53 hlmazwymzdkr.info udp
US 8.8.8.8:53 vedjzu.net udp
US 8.8.8.8:53 ootluyjkna.net udp
US 8.8.8.8:53 xokfrudejcj.com udp
US 8.8.8.8:53 mgeekyayyoys.com udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 qshqpsf.net udp
US 8.8.8.8:53 xxaozsevgxev.info udp
US 8.8.8.8:53 bhvurp.net udp
US 8.8.8.8:53 gidytydzj.info udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 sfwkuoshbsto.net udp
US 8.8.8.8:53 zonrdl.net udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 eofytex.info udp
US 8.8.8.8:53 vnortqxbacak.info udp
US 8.8.8.8:53 jqvutyguw.info udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 acucaigsgm.com udp
US 8.8.8.8:53 vsfbrurfw.com udp
US 8.8.8.8:53 fgvwwulinyq.info udp
US 8.8.8.8:53 fobycxucuuwy.net udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 niqmvewgvun.org udp
US 8.8.8.8:53 ppusitsr.net udp
US 8.8.8.8:53 hllpthtvfiri.net udp
US 8.8.8.8:53 auberop.net udp
US 8.8.8.8:53 jreeex.info udp
US 8.8.8.8:53 eueaycoesqkq.com udp
US 8.8.8.8:53 vikzczbicati.net udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 vcbjaa.net udp
US 8.8.8.8:53 wwuvzetbfss.net udp
US 8.8.8.8:53 nhljkherno.info udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 gccuvybc.info udp
US 8.8.8.8:53 ecwsbgppv.info udp
US 8.8.8.8:53 omdbejhbk.net udp
US 8.8.8.8:53 wudlnkpckb.net udp
US 8.8.8.8:53 hasaxgl.com udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 uwiutcu.info udp
US 8.8.8.8:53 tfeaezlydy.net udp
US 8.8.8.8:53 qhjstipqion.net udp
US 8.8.8.8:53 crsexosaidix.net udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 pygutu.net udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 ffvsfgxkp.info udp
US 8.8.8.8:53 grdxgg.info udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 omqoqosyyeis.org udp
US 8.8.8.8:53 oxnggrvq.net udp
US 8.8.8.8:53 ogewrcwf.info udp
US 8.8.8.8:53 jcwqonisdm.net udp
US 8.8.8.8:53 fpiuprxqs.org udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 rldvwlsv.net udp
US 8.8.8.8:53 ffrkcuejssjs.info udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 peauhd.info udp
US 8.8.8.8:53 eijurypxn.net udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 xihyxof.net udp
US 8.8.8.8:53 ocvujejzkwi.info udp
US 8.8.8.8:53 zgmddb.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 fvtznihgbpu.net udp
US 8.8.8.8:53 iscetjdqarw.net udp
US 8.8.8.8:53 jpdlhi.net udp
US 8.8.8.8:53 fvrsbc.net udp
US 8.8.8.8:53 lczwnye.net udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 awpsfpfyp.net udp
US 8.8.8.8:53 kxzmtui.info udp
US 8.8.8.8:53 xvmfjdyosk.info udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 gktyqk.net udp
US 8.8.8.8:53 ugcuuueismwy.com udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 jabtdf.net udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 jqpmfnbmiqsl.info udp
US 8.8.8.8:53 bgcyzkz.net udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 kufvhh.net udp
US 8.8.8.8:53 qwdkdainp.net udp
US 8.8.8.8:53 yzfunuhgzsj.info udp
US 8.8.8.8:53 vahzkc.info udp
US 8.8.8.8:53 mmxsdpcq.net udp
US 8.8.8.8:53 qooykc.org udp
US 8.8.8.8:53 ueevbmsid.info udp
US 8.8.8.8:53 yucowa.org udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 swcmqcsomk.org udp
US 8.8.8.8:53 viavutxm.net udp
US 8.8.8.8:53 ppxoqubsdn.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 igzujhb.info udp
US 8.8.8.8:53 fxlxccj.org udp
US 8.8.8.8:53 nmxqtin.info udp
US 8.8.8.8:53 onikzizhvbsy.info udp
US 8.8.8.8:53 pizqkbknwo.net udp
US 8.8.8.8:53 kommumwiug.com udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 rjpqlg.net udp
US 8.8.8.8:53 ygugkkkskg.org udp
US 8.8.8.8:53 pwowniwmd.net udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 vgbqdfgcf.info udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 ugqagw.com udp
US 8.8.8.8:53 aatgrynghhv.net udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 igqqkatb.info udp
US 8.8.8.8:53 acngwefrfsz.info udp
US 8.8.8.8:53 scefnmbbqmde.net udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 jmlmcuyegm.info udp
US 8.8.8.8:53 mkzvhmaf.net udp
US 8.8.8.8:53 hsjrzrxduk.net udp
US 8.8.8.8:53 swagaekkco.com udp
US 8.8.8.8:53 ksamsmqiay.org udp
US 8.8.8.8:53 amvkpkloz.net udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 urlspqeczuu.info udp
US 8.8.8.8:53 yrzgvq.info udp
US 8.8.8.8:53 wayiwgqesiwe.org udp
US 8.8.8.8:53 lmzorfjfhsqw.info udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 uotyykd.info udp
US 8.8.8.8:53 iyqiigum.com udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 cdjezbjobpoi.info udp
US 8.8.8.8:53 nhtmewhsnqw.com udp
US 8.8.8.8:53 wuamawqoec.org udp
US 8.8.8.8:53 rejmzqj.info udp
US 8.8.8.8:53 pkbusskur.info udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 jodcjwxqrex.net udp
US 8.8.8.8:53 waiyxst.info udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 vcndjyq.com udp
US 8.8.8.8:53 lckkbal.com udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 vydekdnkt.net udp
US 8.8.8.8:53 ygbjfzxwxqxk.net udp
US 8.8.8.8:53 mesckyqiui.org udp
US 8.8.8.8:53 wqpsfrpmvr.net udp
US 8.8.8.8:53 rzqsirzdo.info udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 swpgxcbkj.net udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 fawxmblsxttp.net udp
US 8.8.8.8:53 nohirozut.com udp
US 8.8.8.8:53 qewkis.com udp
US 8.8.8.8:53 sjpbrdjfxn.net udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 hrbichrd.net udp
US 8.8.8.8:53 hzrxeaj.org udp
US 8.8.8.8:53 yhmtlkx.info udp
US 8.8.8.8:53 eiecqs.com udp
US 8.8.8.8:53 jwzciwnqa.org udp
US 8.8.8.8:53 qrwjqx.info udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 oyyltnftrl.net udp
US 8.8.8.8:53 debqvadou.com udp
US 8.8.8.8:53 ymiyqokyiy.org udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 tpcvyzlpybme.net udp
US 8.8.8.8:53 ngpmoozaf.com udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 rgmtvt.net udp
US 8.8.8.8:53 osxegqyaunb.info udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 uiatfomwcewg.info udp
US 8.8.8.8:53 ruxxyyjep.info udp
US 8.8.8.8:53 yvukvczu.net udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 vjnhchrvvc.net udp
US 8.8.8.8:53 wakwiqeueocm.com udp
US 8.8.8.8:53 fgqgyopclkp.org udp
US 8.8.8.8:53 zetpolry.info udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 ytrylozbbmbr.info udp
US 8.8.8.8:53 mumusnmwhqtc.info udp
US 8.8.8.8:53 yhdbyl.net udp
US 8.8.8.8:53 ysbzilbmgwtr.net udp
US 8.8.8.8:53 oujubmddoxp.info udp
US 8.8.8.8:53 jlzopdfa.net udp
US 8.8.8.8:53 owokum.org udp
US 8.8.8.8:53 pfwirejb.net udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 woeksshcm.net udp
US 8.8.8.8:53 ekgsyyewusgk.org udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 ialqwiryfxgi.net udp
US 8.8.8.8:53 amimooma.com udp
US 8.8.8.8:53 pmhiknnh.info udp
US 8.8.8.8:53 khvmhzzc.info udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 gqfylojal.info udp
US 8.8.8.8:53 zvzwvvboamt.net udp
US 8.8.8.8:53 pwvzxxu.org udp
US 8.8.8.8:53 ooqymqoa.org udp
US 8.8.8.8:53 uyropbt.net udp
US 8.8.8.8:53 sizpvevzrrt.net udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 kmpcnsz.info udp
US 8.8.8.8:53 nhslcshahj.info udp
US 8.8.8.8:53 tfczwz.info udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 qonycamok.info udp
US 8.8.8.8:53 qfeqtwiwir.net udp
US 8.8.8.8:53 gczafkv.net udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 joiyhuzxfk.net udp
US 8.8.8.8:53 qotgocd.net udp
US 8.8.8.8:53 c.pki.goog udp
NL 173.194.69.94:80 c.pki.goog tcp
US 8.8.8.8:53 fmpktqpifyd.net udp
US 8.8.8.8:53 wvkmarthni.info udp
US 8.8.8.8:53 lkqyrgwn.info udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 gkefvw.net udp
US 8.8.8.8:53 sgmfte.net udp
US 8.8.8.8:53 zkwkjcu.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 zezwemhij.info udp
US 8.8.8.8:53 fvrmbablw.org udp
US 8.8.8.8:53 inmnbadjncl.net udp
US 8.8.8.8:53 xlncfsa.net udp
US 8.8.8.8:53 gytmlev.net udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 emtoawj.info udp
US 8.8.8.8:53 oodnxfxvj.info udp
US 8.8.8.8:53 eiqmwuqkcssc.org udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 lhqqjx.info udp
US 8.8.8.8:53 jioirlb.org udp
US 8.8.8.8:53 yyajoxclqzi.net udp
US 8.8.8.8:53 qkdarp.info udp
US 8.8.8.8:53 covgfocgxcq.info udp
US 8.8.8.8:53 xmhvtwn.info udp
US 8.8.8.8:53 uyaiey.com udp
US 8.8.8.8:53 ghskrfgq.net udp
US 8.8.8.8:53 fnjgdihki.com udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 clzvsfjk.info udp
US 8.8.8.8:53 zorsfg.info udp
US 8.8.8.8:53 ohfqbej.info udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 yjplvmloykwy.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 fssldpfmpgi.com udp
US 8.8.8.8:53 xixroraepfrn.net udp
US 8.8.8.8:53 gcmasgcg.org udp
US 8.8.8.8:53 pfxbhnfp.net udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 acxrganip.net udp
US 8.8.8.8:53 qynjmxsyds.info udp
US 8.8.8.8:53 qwjpjmachjn.net udp
US 8.8.8.8:53 mipuxovspmp.net udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 hqlyjfflz.com udp
US 8.8.8.8:53 lprkehotusaa.net udp
US 8.8.8.8:53 shsdliiamjd.info udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 xyoqomeun.net udp
US 8.8.8.8:53 ykvlqejqk.info udp
US 8.8.8.8:53 okxgxpt.info udp
US 8.8.8.8:53 vcaatipqjv.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 ldfetaiub.org udp
US 8.8.8.8:53 wmlqyiwubej.net udp
US 8.8.8.8:53 fowyfxngac.info udp
US 8.8.8.8:53 ayicqmiikk.com udp
US 8.8.8.8:53 rligjygk.net udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 bjfhxgfaaij.org udp
US 8.8.8.8:53 xkgchwv.info udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 qcgzrp.net udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 jcmrxr.net udp
US 8.8.8.8:53 zevslkjzx.org udp
US 8.8.8.8:53 kuohgniha.info udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 ezlcle.net udp
US 8.8.8.8:53 eleehydyh.info udp
US 8.8.8.8:53 yijklmxapsf.net udp
US 8.8.8.8:53 henwuzhksr.info udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 endvjbqfmf.info udp
US 8.8.8.8:53 xqzqpqdcpym.net udp
US 8.8.8.8:53 supzecssda.info udp
US 8.8.8.8:53 azqehbjsdm.net udp
US 8.8.8.8:53 jwbfaif.com udp
US 8.8.8.8:53 ssaqquseysaq.com udp
US 8.8.8.8:53 lbuxvuljqsuj.net udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 ccmgcg.com udp
US 8.8.8.8:53 pefmouz.info udp
US 8.8.8.8:53 nocbjqgnn.net udp
US 8.8.8.8:53 hjouhefwz.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 dptdndng.info udp
US 8.8.8.8:53 bmwihawajhk.info udp
US 8.8.8.8:53 aqsawcaq.org udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 bbrwiuukubj.org udp
US 8.8.8.8:53 sqboplzkx.info udp
US 8.8.8.8:53 ykceqzb.info udp
US 8.8.8.8:53 jifbfgmekulq.info udp
US 8.8.8.8:53 ucaiykikac.org udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 pbahadgtixcd.info udp
US 8.8.8.8:53 qrdruyitlz.net udp
US 8.8.8.8:53 llmddb.net udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 ykmmwoqg.com udp
US 8.8.8.8:53 mkjeduhctnt.net udp
US 8.8.8.8:53 umoiawp.net udp
US 8.8.8.8:53 hegtublznplj.info udp
US 8.8.8.8:53 pszytk.net udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 bmnvua.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 aigyemcw.com udp
US 8.8.8.8:53 hkzpted.com udp
US 8.8.8.8:53 mfyrxg.info udp
US 8.8.8.8:53 pvpktot.org udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 bixsfgpgp.com udp
US 8.8.8.8:53 dwjlqunqhs.info udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 tcbbrpndit.info udp
US 8.8.8.8:53 imkske.com udp
US 8.8.8.8:53 hzalbzhdrp.info udp
US 8.8.8.8:53 qyyuyk.org udp
US 8.8.8.8:53 ieemeucq.com udp
US 8.8.8.8:53 rpoohllexvp.com udp
US 8.8.8.8:53 ekdtyki.net udp
US 8.8.8.8:53 ngtetbb.net udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 loysptdhyj.net udp
US 8.8.8.8:53 amgugw.org udp
US 8.8.8.8:53 uvbjza.info udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 wxruzx.net udp
US 8.8.8.8:53 qdzprivtjo.info udp
US 8.8.8.8:53 wrmuxgxgdbbr.info udp
US 8.8.8.8:53 wyhehmlwwax.info udp
US 8.8.8.8:53 fjhlnbctjobf.net udp
US 8.8.8.8:53 waztfdrabjho.net udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 xamvwzfsfsvg.info udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 alnuhwuqxy.info udp
US 8.8.8.8:53 jxjerofhghjg.net udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 zincfebel.org udp
US 8.8.8.8:53 ummugkmsme.org udp
US 8.8.8.8:53 qyxpuyxy.info udp
US 8.8.8.8:53 kkqqeq.com udp
US 8.8.8.8:53 pzpazy.info udp
US 8.8.8.8:53 lwczryuzuz.net udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 vlpamf.net udp
US 8.8.8.8:53 vkvuhqbijkl.info udp
US 8.8.8.8:53 dfngddb.net udp
US 8.8.8.8:53 nswrjwmeeq.net udp
US 8.8.8.8:53 ooeshqr.net udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 muykowiw.com udp
US 8.8.8.8:53 ddblqezcaou.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 xkxwpttmvft.info udp
US 8.8.8.8:53 wirjbvrz.net udp
US 8.8.8.8:53 icoefmf.net udp
US 8.8.8.8:53 gmqesegs.com udp
US 8.8.8.8:53 qsvsfhbjr.net udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 doqarqgasfp.net udp
US 8.8.8.8:53 xusbjccdbo.net udp
US 8.8.8.8:53 tmpwekl.org udp
US 8.8.8.8:53 birmomljzq.net udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 pyzgbjnc.info udp
US 8.8.8.8:53 rydifzf.org udp
US 8.8.8.8:53 ikhwjyh.net udp
US 8.8.8.8:53 fshmcfdg.info udp
US 8.8.8.8:53 muwtrig.info udp
US 8.8.8.8:53 cmdulxwwdaqh.net udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 pgionstghi.info udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 tpngvancxmw.net udp
US 8.8.8.8:53 fdeiwhniz.net udp
US 8.8.8.8:53 lqvcmupko.org udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 fnevgihwf.info udp
US 8.8.8.8:53 reyrarc.com udp
US 8.8.8.8:53 baqsxg.net udp
US 8.8.8.8:53 jdvlzy.net udp
US 8.8.8.8:53 qwcoia.org udp
US 8.8.8.8:53 wduyolxe.info udp
US 8.8.8.8:53 coqciweosg.org udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 suxsigpef.net udp
US 8.8.8.8:53 pybznqvvvb.net udp
US 8.8.8.8:53 bchunsm.org udp
US 8.8.8.8:53 uizcdmsfpnt.info udp
US 8.8.8.8:53 oioqgy.net udp
US 8.8.8.8:53 nrdoetzozo.info udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 dwflucsi.net udp
US 8.8.8.8:53 nckmvsdjl.info udp
US 8.8.8.8:53 ubyqbwasxwe.info udp
US 8.8.8.8:53 tqgtsupu.net udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 kqjyyppc.info udp
US 8.8.8.8:53 hrsyexwl.net udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 tsnmjkpmztx.org udp
US 8.8.8.8:53 xoycwy.net udp
US 8.8.8.8:53 dijizqtcz.net udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 sanqtmsdeq.info udp
US 8.8.8.8:53 zrwgexnah.org udp
US 8.8.8.8:53 zihutd.info udp
US 8.8.8.8:53 ievelgx.net udp
US 8.8.8.8:53 wruxnatezh.net udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 ziseiji.org udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 csuuscwyuiau.com udp
US 8.8.8.8:53 motidshsxwz.info udp
US 8.8.8.8:53 zeowlgryfyc.org udp
US 8.8.8.8:53 iqtspglasec.info udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 mndffardlau.info udp
US 8.8.8.8:53 wilqaggmza.info udp
US 8.8.8.8:53 bifvhoz.info udp
US 8.8.8.8:53 wcktepfxzsju.net udp
US 8.8.8.8:53 dbvftsluv.info udp
US 8.8.8.8:53 raexrqdrdpy.info udp
US 8.8.8.8:53 ikeijxxek.info udp
US 8.8.8.8:53 rdzyyoqyoflm.net udp
US 8.8.8.8:53 dwrljk.net udp
US 8.8.8.8:53 rqoulkpg.info udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 hkaqkxqu.info udp
US 8.8.8.8:53 xxhnvtyz.net udp
US 8.8.8.8:53 cwbxvgzipyh.net udp
US 8.8.8.8:53 xyykskzkzub.org udp
US 8.8.8.8:53 tkgguxvmt.info udp
US 8.8.8.8:53 rmjgbiuye.info udp
US 8.8.8.8:53 eumpsk.info udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 fihstkkur.info udp
US 8.8.8.8:53 zuxijcbja.org udp
US 8.8.8.8:53 eugkmayg.org udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 oodmlerpawd.net udp
US 8.8.8.8:53 iweumi.com udp
US 8.8.8.8:53 ysvkcgfttsg.info udp
US 8.8.8.8:53 fbvwpb.net udp
US 8.8.8.8:53 ueuusymkuw.org udp
US 8.8.8.8:53 kkkypwpbl.info udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 bnrsjsdepoh.net udp
US 8.8.8.8:53 amzddcv.net udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 lwyvmuzmb.net udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 pycpvep.com udp
US 8.8.8.8:53 okvcwlctth.info udp
US 8.8.8.8:53 zqziooy.com udp
US 8.8.8.8:53 iewkiumooomq.com udp
US 8.8.8.8:53 tqwree.info udp
US 8.8.8.8:53 qfdxpmtt.net udp
US 8.8.8.8:53 xpzsegmby.net udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 tbizfhwxur.info udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 drbhfc.info udp
US 8.8.8.8:53 zwgtfajwykh.net udp
US 8.8.8.8:53 kycaigsmmy.com udp
US 8.8.8.8:53 eaadrqxd.net udp
US 8.8.8.8:53 kmcowosi.com udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 gitwmof.info udp
US 8.8.8.8:53 golykcyqblc.net udp
US 8.8.8.8:53 aywsucwusm.com udp
US 8.8.8.8:53 ddprtfhyz.net udp
US 8.8.8.8:53 bafvdn.net udp
US 8.8.8.8:53 yuxyaj.net udp
US 8.8.8.8:53 pyzjdsrbb.org udp
US 8.8.8.8:53 efjpzbtksn.net udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 esjijdbzn.net udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 bfjnxydetsf.net udp
US 8.8.8.8:53 ewvgtgtcz.net udp
US 8.8.8.8:53 vebnoq.info udp
US 8.8.8.8:53 vpnztjfy.net udp
US 8.8.8.8:53 hbzknyyuhov.net udp
US 8.8.8.8:53 xubrzuto.net udp
US 8.8.8.8:53 pxnhfdsjajsp.net udp
US 8.8.8.8:53 uvrlpzzlaoua.net udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 mtijxgarrzfr.info udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 guuidyxa.info udp
US 8.8.8.8:53 yuowae.org udp
US 8.8.8.8:53 nxmlsrxdxref.info udp
US 8.8.8.8:53 rcrrjcziaulj.net udp
US 8.8.8.8:53 qrykcnrn.net udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 iywgaeqigi.com udp
US 8.8.8.8:53 qmcsksqsysos.org udp
US 8.8.8.8:53 hcmwnmds.net udp
US 8.8.8.8:53 lihcfwxxbwf.org udp
US 8.8.8.8:53 labgdiv.info udp
US 8.8.8.8:53 clpbmqu.net udp
US 8.8.8.8:53 lcfohbczqur.info udp
US 8.8.8.8:53 fpcopwh.org udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 qmgmmq.com udp
US 8.8.8.8:53 tvyizhgkxcq.info udp
US 8.8.8.8:53 usljhmfr.net udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 xqznzwpepzxr.info udp
US 8.8.8.8:53 bavppixu.net udp
US 8.8.8.8:53 jqtspll.info udp
US 8.8.8.8:53 nrsyiebahnki.info udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 gbkoknhoo.info udp
US 8.8.8.8:53 zjsqnjb.info udp
US 8.8.8.8:53 vdxznunfcncc.net udp
US 8.8.8.8:53 oymqmu.org udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 japwfttpqdzv.net udp
US 8.8.8.8:53 nohbzscdpxpk.info udp
US 8.8.8.8:53 kalsxay.net udp
US 8.8.8.8:53 xyjqsfqfby.info udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 nepggvh.net udp
US 8.8.8.8:53 sikicmuy.com udp
US 8.8.8.8:53 qaqsikmqeiqe.com udp
US 8.8.8.8:53 dtstyn.net udp
US 8.8.8.8:53 nynejtzixsbq.net udp
US 8.8.8.8:53 gkhhsscn.info udp
US 8.8.8.8:53 kkfmpkj.net udp
US 8.8.8.8:53 zskmbgb.org udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 ysojtvcxbfap.net udp
US 8.8.8.8:53 iawrmopmffvf.info udp
US 8.8.8.8:53 gbfyjgdh.net udp
US 8.8.8.8:53 cihgpef.info udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 vrufpwk.info udp
US 8.8.8.8:53 qqgqdavrl.net udp
US 8.8.8.8:53 msaeugqyakco.org udp
US 8.8.8.8:53 cfposwmwhyw.net udp
US 8.8.8.8:53 rexanw.net udp
US 8.8.8.8:53 zynomanwz.net udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 lcfietjyfk.net udp
US 8.8.8.8:53 iicxjoglktfz.info udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 vchbozvhhk.net udp
US 8.8.8.8:53 ielyzqsmqyr.net udp
US 8.8.8.8:53 fldgmozgoa.net udp
US 8.8.8.8:53 gkjdaprfn.info udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 uoawgiaqye.org udp
US 8.8.8.8:53 bhryjrwtdef.net udp
US 8.8.8.8:53 jadrzal.net udp
US 8.8.8.8:53 pstclaxzafud.net udp
US 8.8.8.8:53 nndwal.net udp
US 8.8.8.8:53 fixijml.org udp
US 8.8.8.8:53 vyhcdioyf.com udp
US 8.8.8.8:53 hgfwjazzz.info udp

Files

memory/708-0-0x0000000000400000-0x00000000004D7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

MD5 eb09c682903ecbd87f30b0366e008d8f
SHA1 59b0dc27c06ce536327490439a37751a3dbd5e38
SHA256 c4b122f7bab30363b472a3dffb8a7c61604c0ec4719ebd233ccbac8be0951be1
SHA512 83236c0955b81375666c10445d2cf5e4723b24e42e4ee5fb951f53945483be2fff5c8ef167f08cfad3accc162c61e750bb1039edbf09e26afe18cba2f994eb5d

C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe

MD5 c0a5c6a1916f592a00e891fd8e5c4b36
SHA1 6bf1d27345660089c1bbf1e71f58674e684c5d14
SHA256 32173afb83cbc7c35e4b7c70ca3bdfb64155ce5da72d0fc359c4a0cd2096d7c8
SHA512 75c8ce5234070a6ee08fb41f316bd71776b3b58f9e43e3f4b544732c197a27b5c9d9172632894090b6af7f3f52fdac8efabe8baf41eb855ac817ad34980dbef6

memory/2656-54-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1200-59-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2544-63-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3524-67-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4580-71-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4580-72-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3524-74-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4836-78-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1604-110-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4836-112-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2180-114-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2180-116-0x0000000000400000-0x00000000004D7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe

MD5 0d0f3fb136b7792c6887b2e120a6edb9
SHA1 50d8bf191f1ae1ff045be94c09ef9b8b311553fc
SHA256 62e25673a8c4b68eef961fda4a08bd82f968adfcfcd8ed820417da129be3541a
SHA512 6b5a06ce31c0091a06d9e886d6484849f92331a3fae5fdd0e2ea59641f648cde6cb3273c1ac35989400ccc2268e4e407c0ec3ac907d518a8d70e9c23ee05c43f

memory/3644-183-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2008-182-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4388-189-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2780-191-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4388-193-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2824-196-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1840-199-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3232-236-0x0000000000400000-0x00000000004D7000-memory.dmp

C:\Users\Admin\AppData\Local\jlepmkquruiznmlfphtvozwu.ebe

MD5 7e091a7d4e66e883f0cdd207ba2f960a
SHA1 11a9259c0754719f716dbb47779bf9d5122806e2
SHA256 98aa757e397513ae4926d0a5c830e03b04dee28647398c54224306fde0b6b902
SHA512 3e086c2f36d4c597cddcdcc289cc9e8ac40dbb860585163530939b48a0118e71109cc3471ccee421080a61529b126db5b70cabed45b40532a3f1e992916134e9

memory/4260-202-0x0000000000400000-0x00000000004D7000-memory.dmp

C:\Users\Admin\AppData\Local\sfjfnwnckyxzyisxsvsfjfnwnckyxzyisxs.sfj

MD5 dc36a32ec6ad763d70205ad17edf27fc
SHA1 9e3b454b5449bb26e9f507762907ef98c2df119d
SHA256 1b8425a21ed36d400c922a856130eb39bb9991c3bf61c19cc2e8eb72763da994
SHA512 357242c0f829ff28523da11597d4556d20929dc4ec097c53f93a611bb26b0899373eb184805ded3c03e46967fb33b9a8e64d881864276a6714ce666d38aecee5

memory/3648-276-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4916-278-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4260-279-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2700-275-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1060-277-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2700-280-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2960-282-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3648-281-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3224-283-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2368-288-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2192-287-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4112-286-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4344-285-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2904-290-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4344-294-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2192-293-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4112-292-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4916-291-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2504-295-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4832-296-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2904-297-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4224-298-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4244-299-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4832-300-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4244-301-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4320-317-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2100-318-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4972-320-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4836-324-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3260-325-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3140-326-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5068-327-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4828-329-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5068-330-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4392-331-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4828-333-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3772-337-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2252-338-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1896-334-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/872-339-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3248-342-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1896-341-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2180-353-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3248-355-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4552-354-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3772-358-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3972-361-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4832-364-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4552-365-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2980-368-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3532-367-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4124-366-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3132-370-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2504-371-0x0000000000400000-0x0000000000466000-memory.dmp

memory/3972-369-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3276-373-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2180-363-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3132-360-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/560-359-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3476-357-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3764-356-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2524-375-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2980-376-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4652-378-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2524-379-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4652-377-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2072-380-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4188-381-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1756-394-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1864-395-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2768-396-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4892-398-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4892-399-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3784-400-0x0000000000400000-0x00000000004D7000-memory.dmp

C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe

MD5 15dcb0ea0a5ee5c5a275a3fc1b783331
SHA1 6ebb4b727ce3e18ccfe73da0637f26a342b93c91
SHA256 28493a4e7e6921f83719cdcf9afb6a5e6ba3b4e51e42496fae7c09432efbffb3
SHA512 4849b59dd429df52e981bf0a577f962593818c9c61df43264406e1389c42d065d5fb8ad7188a9be8db4a71b24bff03c51751b5aaa2618a0126c7b71a8dfdce4f

C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe

MD5 aea4631f924c671f16d9851049e10b84
SHA1 2c05c6337d704a288d46cceb6fa440a8030e4e21
SHA256 cb3006b04e15ce6e6113fcaa5cdcfce4c83be64b6ecbc91c968cb79f1a1852d7
SHA512 0d3cae21615c03536b3c9c85470ac9227bc16b02697dbdba4544024a543960fab2711c12857279cd92cfd9184ea6bb6523d17bad08d642f35d343379fd4a90f8

C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe

MD5 65f4a733dc253d0ca19faef2ed2b7328
SHA1 e98be39081671c4d3657c4dacad3012096c421bd
SHA256 db5d17108227b905fd27fdd06815e15ceff69b174501329b03964b457da750a0
SHA512 4ee2c0a1495f6465df420cd495ae961ba3c614f039c7361563440f16d2e2764a38fb2fee8fe63d36b4a0537db2cce2edabe2d59582f15ce0cc7869ea7c5d7ce1

C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe

MD5 39e0a4f83ab360c9b656ef8ebcd05b25
SHA1 3cdbb740ebb95682fcabfbcbc71c4f1899da5439
SHA256 fff51cbc1b159b10bd642c195abee375a69042bfae86027a2700d1f84a924c89
SHA512 49e75d75e3b59f43b5cf8cac465d6c51639afc348190bc19518b16ac8925df8d6db092cf638d5963745d45dbe6abce6b7bd975cbc930608c8439777aca2519e9

C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe

MD5 70e76d578997e0922ce973a193e9a08f
SHA1 1bb9010356631f109c0dabdffca91d1edaa8fed7
SHA256 cfada96852d915407da4606982b66f681db018175524e40882f31dd62fdf10f5
SHA512 3b48c22e513894a5e4da7fae01b3e6cbb8e8255578dab9e4c29486e3115e6768b57ac4f11192604fb44ea0033a9c1a124a9b72d71997d31e30be09e95e381f62

C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe

MD5 565fd8162d041363e5b7af29bdc2598c
SHA1 7303b3f6f34bf1d63a49bc4ce909828ebfd3f7ba
SHA256 ae24969a5c1d3deab21205c45490eb9cfe7f5fedb481d9bb5286ccfa75c0c45d
SHA512 e109452de9d66a3b8f9d38524ea8d832a43084e226394a70bd10c573b2b0dc5eeb367e8d19380a9c1a716f2a79d55f2ce8c6f364151c63a9759caaa5843ed260

C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe

MD5 cd9ca65126f7cddacc2f726c7927abcd
SHA1 2e8f8c5070c1288833c8d889f590983e0423a845
SHA256 00e2aa6d03e66c4f0a9e99e5fd228a68d67ecbcf92d3dcaeda788c46bf86ddc1
SHA512 e2a42bdf5f7b99a10a545fda7defc62094a451557136d68e3bb355d301229cb4c7a15a5bb0a6b41810eb62bfb5227513e4e93ad2f34f9a263aad08f94d32d1c5

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-19 01:29

Reported

2025-04-19 01:31

Platform

win11-20250410-en

Max time kernel

66s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "bpgwkbravoxdtwjd.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "bpgwkbravoxdtwjd.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "extohdymmkyjemedexqmh.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\extohdymmkyjemedexqmh.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "rhasibtebwhphmbxvl.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "rhasibtebwhphmbxvl.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "bpgwkbravoxdtwjd.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "ctngxrkwuqclekaxwne.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpgwkbravoxdtwjd.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "extohdymmkyjemedexqmh.exe" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\extohdymmkyjemedexqmh.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpgwkbravoxdtwjd.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\extohdymmkyjemedexqmh.exe N/A
N/A N/A C:\Windows\extohdymmkyjemedexqmh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\ixpgvneokeovmqezw.exe N/A
N/A N/A C:\Windows\phcwojdqpmzjdkbzzrje.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
N/A N/A C:\Windows\rhasibtebwhphmbxvl.exe N/A
N/A N/A C:\Windows\ctngxrkwuqclekaxwne.exe N/A
N/A N/A C:\Windows\rhasibtebwhphmbxvl.exe N/A
N/A N/A C:\Windows\ixpgvneokeovmqezw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\rhasibtebwhphmbxvl.exe N/A
N/A N/A C:\Windows\bpgwkbravoxdtwjd.exe N/A
N/A N/A C:\Windows\phcwojdqpmzjdkbzzrje.exe N/A
N/A N/A C:\Windows\bpgwkbravoxdtwjd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\ctngxrkwuqclekaxwne.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\ixpgvneokeovmqezw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\rhasibtebwhphmbxvl.exe N/A
N/A N/A C:\Windows\rhasibtebwhphmbxvl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\extohdymmkyjemedexqmh.exe N/A
N/A N/A C:\Windows\rhasibtebwhphmbxvl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\phcwojdqpmzjdkbzzrje.exe N/A
N/A N/A C:\Windows\ctngxrkwuqclekaxwne.exe N/A
N/A N/A C:\Windows\extohdymmkyjemedexqmh.exe N/A
N/A N/A C:\Windows\bpgwkbravoxdtwjd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe N/A
N/A N/A C:\Windows\phcwojdqpmzjdkbzzrje.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\bpgwkbravoxdtwjd.exe N/A
N/A N/A C:\Windows\extohdymmkyjemedexqmh.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ixpgvneokeovmqezw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpgwkbravoxdtwjd.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "ixpgvneokeovmqezw.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "extohdymmkyjemedexqmh.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ixpgvneokeovmqezw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "extohdymmkyjemedexqmh.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ctngxrkwuqclekaxwne.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "extohdymmkyjemedexqmh.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ixpgvneokeovmqezw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "bpgwkbravoxdtwjd.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "phcwojdqpmzjdkbzzrje.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rhasibtebwhphmbxvl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "rhasibtebwhphmbxvl.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "extohdymmkyjemedexqmh.exe" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "extohdymmkyjemedexqmh.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "extohdymmkyjemedexqmh.exe ." C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ctngxrkwuqclekaxwne.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rhasibtebwhphmbxvl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "rhasibtebwhphmbxvl.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "ixpgvneokeovmqezw.exe ." C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ctngxrkwuqclekaxwne.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "phcwojdqpmzjdkbzzrje.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "extohdymmkyjemedexqmh.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "ctngxrkwuqclekaxwne.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "ctngxrkwuqclekaxwne.exe" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "rhasibtebwhphmbxvl.exe ." C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "extohdymmkyjemedexqmh.exe" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ixpgvneokeovmqezw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ctngxrkwuqclekaxwne.exe ." C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "ctngxrkwuqclekaxwne.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "phcwojdqpmzjdkbzzrje.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "bpgwkbravoxdtwjd.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rhasibtebwhphmbxvl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "extohdymmkyjemedexqmh.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "ixpgvneokeovmqezw.exe ." C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rhasibtebwhphmbxvl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpgwkbravoxdtwjd.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "extohdymmkyjemedexqmh.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "extohdymmkyjemedexqmh.exe ." C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ctngxrkwuqclekaxwne.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "phcwojdqpmzjdkbzzrje.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "rhasibtebwhphmbxvl.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "ctngxrkwuqclekaxwne.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "extohdymmkyjemedexqmh.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "extohdymmkyjemedexqmh.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ixpgvneokeovmqezw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\extohdymmkyjemedexqmh.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rhasibtebwhphmbxvl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rhasibtebwhphmbxvl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpgwkbravoxdtwjd.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "rhasibtebwhphmbxvl.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "bpgwkbravoxdtwjd.exe" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ixpgvneokeovmqezw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "ixpgvneokeovmqezw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "phcwojdqpmzjdkbzzrje.exe ." C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "extohdymmkyjemedexqmh.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ixpgvneokeovmqezw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe ." C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "ctngxrkwuqclekaxwne.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "rhasibtebwhphmbxvl.exe" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A

Drops autorun.inf file

Description Indicator Process Target
File created F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File created C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File opened for modification C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File opened for modification C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File opened for modification C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File opened for modification C:\Windows\SysWOW64\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File opened for modification C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File created C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File opened for modification C:\Program Files (x86)\wfrclximcquvgembsbkwhqcnrhvzaljrg.gpb C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File created C:\Program Files (x86)\wfrclximcquvgembsbkwhqcnrhvzaljrg.gpb C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File opened for modification C:\Windows\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File opened for modification C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File created C:\Windows\wfrclximcquvgembsbkwhqcnrhvzaljrg.gpb C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File opened for modification C:\Windows\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File opened for modification C:\Windows\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wfrclximcquvgembsbkwhqcnrhvzaljrg.gpb C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File opened for modification C:\Windows\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
File opened for modification C:\Windows\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ctngxrkwuqclekaxwne.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ctngxrkwuqclekaxwne.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rhasibtebwhphmbxvl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ctngxrkwuqclekaxwne.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\extohdymmkyjemedexqmh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\extohdymmkyjemedexqmh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\extohdymmkyjemedexqmh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ctngxrkwuqclekaxwne.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bpgwkbravoxdtwjd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\phcwojdqpmzjdkbzzrje.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bpgwkbravoxdtwjd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ctngxrkwuqclekaxwne.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bpgwkbravoxdtwjd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\extohdymmkyjemedexqmh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bpgwkbravoxdtwjd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\phcwojdqpmzjdkbzzrje.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\extohdymmkyjemedexqmh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bpgwkbravoxdtwjd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\phcwojdqpmzjdkbzzrje.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rhasibtebwhphmbxvl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ctngxrkwuqclekaxwne.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\extohdymmkyjemedexqmh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ixpgvneokeovmqezw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ctngxrkwuqclekaxwne.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rhasibtebwhphmbxvl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\phcwojdqpmzjdkbzzrje.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\extohdymmkyjemedexqmh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\rhasibtebwhphmbxvl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\phcwojdqpmzjdkbzzrje.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\extohdymmkyjemedexqmh.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1424 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1424 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1424 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 3172 wrote to memory of 3836 N/A C:\Windows\system32\cmd.exe C:\Windows\extohdymmkyjemedexqmh.exe
PID 3172 wrote to memory of 3836 N/A C:\Windows\system32\cmd.exe C:\Windows\extohdymmkyjemedexqmh.exe
PID 3172 wrote to memory of 3836 N/A C:\Windows\system32\cmd.exe C:\Windows\extohdymmkyjemedexqmh.exe
PID 2720 wrote to memory of 2956 N/A C:\Windows\system32\cmd.exe C:\Windows\extohdymmkyjemedexqmh.exe
PID 2720 wrote to memory of 2956 N/A C:\Windows\system32\cmd.exe C:\Windows\extohdymmkyjemedexqmh.exe
PID 2720 wrote to memory of 2956 N/A C:\Windows\system32\cmd.exe C:\Windows\extohdymmkyjemedexqmh.exe
PID 2956 wrote to memory of 3712 N/A C:\Windows\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 2956 wrote to memory of 3712 N/A C:\Windows\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 2956 wrote to memory of 3712 N/A C:\Windows\extohdymmkyjemedexqmh.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5824 wrote to memory of 5160 N/A C:\Windows\system32\cmd.exe C:\Windows\ixpgvneokeovmqezw.exe
PID 5824 wrote to memory of 5160 N/A C:\Windows\system32\cmd.exe C:\Windows\ixpgvneokeovmqezw.exe
PID 5824 wrote to memory of 5160 N/A C:\Windows\system32\cmd.exe C:\Windows\ixpgvneokeovmqezw.exe
PID 2256 wrote to memory of 5032 N/A C:\Windows\system32\cmd.exe C:\Windows\phcwojdqpmzjdkbzzrje.exe
PID 2256 wrote to memory of 5032 N/A C:\Windows\system32\cmd.exe C:\Windows\phcwojdqpmzjdkbzzrje.exe
PID 2256 wrote to memory of 5032 N/A C:\Windows\system32\cmd.exe C:\Windows\phcwojdqpmzjdkbzzrje.exe
PID 5032 wrote to memory of 2356 N/A C:\Windows\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5032 wrote to memory of 2356 N/A C:\Windows\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5032 wrote to memory of 2356 N/A C:\Windows\phcwojdqpmzjdkbzzrje.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5244 wrote to memory of 4436 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
PID 5244 wrote to memory of 4436 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
PID 5244 wrote to memory of 4436 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
PID 4148 wrote to memory of 5616 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
PID 4148 wrote to memory of 5616 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
PID 4148 wrote to memory of 5616 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
PID 5616 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5616 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5616 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1140 wrote to memory of 424 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
PID 1140 wrote to memory of 424 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
PID 1140 wrote to memory of 424 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
PID 3868 wrote to memory of 1052 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
PID 3868 wrote to memory of 1052 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
PID 3868 wrote to memory of 1052 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
PID 1052 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1052 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1052 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4188 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\ehnsv.exe
PID 4188 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\ehnsv.exe
PID 4188 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\ehnsv.exe
PID 4188 wrote to memory of 6104 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\ehnsv.exe
PID 4188 wrote to memory of 6104 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\ehnsv.exe
PID 4188 wrote to memory of 6104 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\ehnsv.exe
PID 3560 wrote to memory of 3748 N/A C:\Windows\system32\cmd.exe C:\Windows\rhasibtebwhphmbxvl.exe
PID 3560 wrote to memory of 3748 N/A C:\Windows\system32\cmd.exe C:\Windows\rhasibtebwhphmbxvl.exe
PID 3560 wrote to memory of 3748 N/A C:\Windows\system32\cmd.exe C:\Windows\rhasibtebwhphmbxvl.exe
PID 4876 wrote to memory of 6064 N/A C:\Windows\system32\cmd.exe C:\Windows\ctngxrkwuqclekaxwne.exe
PID 4876 wrote to memory of 6064 N/A C:\Windows\system32\cmd.exe C:\Windows\ctngxrkwuqclekaxwne.exe
PID 4876 wrote to memory of 6064 N/A C:\Windows\system32\cmd.exe C:\Windows\ctngxrkwuqclekaxwne.exe
PID 5760 wrote to memory of 4780 N/A C:\Windows\system32\cmd.exe C:\Windows\rhasibtebwhphmbxvl.exe
PID 5760 wrote to memory of 4780 N/A C:\Windows\system32\cmd.exe C:\Windows\rhasibtebwhphmbxvl.exe
PID 5760 wrote to memory of 4780 N/A C:\Windows\system32\cmd.exe C:\Windows\rhasibtebwhphmbxvl.exe
PID 5444 wrote to memory of 5584 N/A C:\Windows\system32\cmd.exe C:\Windows\ixpgvneokeovmqezw.exe
PID 5444 wrote to memory of 5584 N/A C:\Windows\system32\cmd.exe C:\Windows\ixpgvneokeovmqezw.exe
PID 5444 wrote to memory of 5584 N/A C:\Windows\system32\cmd.exe C:\Windows\ixpgvneokeovmqezw.exe
PID 4780 wrote to memory of 1960 N/A C:\Windows\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
PID 4780 wrote to memory of 1960 N/A C:\Windows\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
PID 4780 wrote to memory of 1960 N/A C:\Windows\rhasibtebwhphmbxvl.exe C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
PID 5584 wrote to memory of 3824 N/A C:\Windows\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5584 wrote to memory of 3824 N/A C:\Windows\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5584 wrote to memory of 3824 N/A C:\Windows\ixpgvneokeovmqezw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5468 wrote to memory of 3492 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ehnsv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe"

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."

C:\Users\Admin\AppData\Local\Temp\ehnsv.exe

"C:\Users\Admin\AppData\Local\Temp\ehnsv.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe"

C:\Users\Admin\AppData\Local\Temp\ehnsv.exe

"C:\Users\Admin\AppData\Local\Temp\ehnsv.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe .

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe .

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe

C:\Windows\bpgwkbravoxdtwjd.exe

bpgwkbravoxdtwjd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Windows\ctngxrkwuqclekaxwne.exe

ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Windows\ixpgvneokeovmqezw.exe

ixpgvneokeovmqezw.exe .

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .

C:\Windows\extohdymmkyjemedexqmh.exe

extohdymmkyjemedexqmh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."

C:\Windows\phcwojdqpmzjdkbzzrje.exe

phcwojdqpmzjdkbzzrje.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Windows\rhasibtebwhphmbxvl.exe

rhasibtebwhphmbxvl.exe .

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe

C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
NL 185.15.59.224:80 www.wikipedia.org tcp
NL 173.194.69.190:80 www.youtube.com tcp
PK 111.119.182.129:20999 tcp
DE 85.214.228.140:80 gyuuym.org tcp
SG 18.142.91.111:80 unxfuild.info tcp
US 104.156.155.94:80 cydlrge.info tcp
PK 111.119.182.129:20999 tcp
US 8.8.8.8:53 oclyxabqdbz.info udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 kwhfxq.info udp
US 8.8.8.8:53 vanzav.net udp
US 8.8.8.8:53 swuekicoiu.com udp
US 199.59.243.228:80 comisi.com tcp
US 8.8.8.8:53 wrcbgitqjnxa.info udp
US 8.8.8.8:53 ncdhnsz.info udp
US 8.8.8.8:53 yowoulfwf.info udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 swpbqsnleyfb.net udp
US 8.8.8.8:53 zreqsbv.org udp
US 8.8.8.8:53 uyydfe.info udp
US 8.8.8.8:53 nqfojqz.org udp
US 8.8.8.8:53 tqbqdwkdf.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 ycrnnnwsorvo.net udp
US 8.8.8.8:53 jyoilfcd.info udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 ncnzlurkrmw.com udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 ogjqwjjxx.info udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 isagwi.com udp
US 8.8.8.8:53 jcdslcegesd.org udp
US 8.8.8.8:53 iswlnjjvvnqh.net udp
US 8.8.8.8:53 jxvgxgln.info udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 cyngzkvw.info udp
US 8.8.8.8:53 giaoessyos.com udp
US 8.8.8.8:53 vsoboojmbxrz.info udp
US 8.8.8.8:53 nuzuulykeifs.info udp
US 8.8.8.8:53 bxfzufriah.info udp
US 8.8.8.8:53 whsibhhzjbbm.info udp
US 8.8.8.8:53 owwcgssgyuka.com udp
US 8.8.8.8:53 rpbwgeewrps.com udp
US 8.8.8.8:53 kkykoukuky.org udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 oqmmyueaug.org udp
US 8.8.8.8:53 kreuso.net udp
US 8.8.8.8:53 sugqmm.org udp
US 8.8.8.8:53 wgwmqauo.com udp
US 8.8.8.8:53 kmngqxrohyi.info udp
US 8.8.8.8:53 hzogmhvbfq.net udp
US 8.8.8.8:53 nahghujn.net udp
US 8.8.8.8:53 xmregiguhct.net udp
US 8.8.8.8:53 oemwdzun.info udp
US 8.8.8.8:53 jcruryrst.com udp
US 8.8.8.8:53 pyrdzifabltr.net udp
US 8.8.8.8:53 qbtulgmyhpxg.info udp
US 8.8.8.8:53 imcikxmme.info udp
US 8.8.8.8:53 wuioyy.org udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 cihnqxlwrk.info udp
US 8.8.8.8:53 vrekxutpkphm.info udp
US 8.8.8.8:53 enkvjquggwue.info udp
US 8.8.8.8:53 xehonlu.com udp
US 8.8.8.8:53 iqvcyghxogn.info udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 lcbjrwnm.info udp
US 8.8.8.8:53 wxykvliwqcwr.info udp
US 8.8.8.8:53 sesmicgcaq.org udp
US 8.8.8.8:53 lthtvmtoplf.info udp
US 8.8.8.8:53 oonjzybwr.info udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 zpwufkgaqb.info udp
US 8.8.8.8:53 wntwidpgca.net udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 bpxvzgskmyuj.net udp
US 8.8.8.8:53 nuzafmbad.com udp
US 8.8.8.8:53 qotwhe.net udp
US 8.8.8.8:53 qzhwtku.net udp
US 8.8.8.8:53 nwvktd.net udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 perqgvq.com udp
US 8.8.8.8:53 zvasripw.info udp
US 8.8.8.8:53 rqoulkpg.info udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 bcccuxtmludh.net udp
US 8.8.8.8:53 trnyvjufjcuu.net udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 glieztpkor.net udp
US 8.8.8.8:53 ccbxzvdsmiqi.info udp
US 8.8.8.8:53 kwohyylm.info udp
US 8.8.8.8:53 igiofsd.info udp
US 8.8.8.8:53 oaiyscuq.com udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 ueuusymkuw.org udp
US 8.8.8.8:53 euaymoyamg.com udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 qodbvgdut.net udp
US 8.8.8.8:53 defslfp.org udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 xomqzazuxbj.net udp
US 8.8.8.8:53 wxekxldunjwt.info udp
US 8.8.8.8:53 etjdbylvlt.net udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 pycpvep.com udp
US 8.8.8.8:53 icscky.org udp
US 8.8.8.8:53 xsbzrlxbxixo.info udp
US 8.8.8.8:53 notkpcbghwp.com udp
US 8.8.8.8:53 mgvzzejohy.net udp
US 8.8.8.8:53 wmxlxnofqrtg.net udp
US 8.8.8.8:53 akeiysmc.org udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 fonerog.net udp
US 8.8.8.8:53 fjzstem.info udp
US 8.8.8.8:53 spxnopqwp.info udp

Files

memory/1424-0-0x0000000000400000-0x00000000004D7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

MD5 eb09c682903ecbd87f30b0366e008d8f
SHA1 59b0dc27c06ce536327490439a37751a3dbd5e38
SHA256 c4b122f7bab30363b472a3dffb8a7c61604c0ec4719ebd233ccbac8be0951be1
SHA512 83236c0955b81375666c10445d2cf5e4723b24e42e4ee5fb951f53945483be2fff5c8ef167f08cfad3accc162c61e750bb1039edbf09e26afe18cba2f994eb5d

C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe

MD5 c0a5c6a1916f592a00e891fd8e5c4b36
SHA1 6bf1d27345660089c1bbf1e71f58674e684c5d14
SHA256 32173afb83cbc7c35e4b7c70ca3bdfb64155ce5da72d0fc359c4a0cd2096d7c8
SHA512 75c8ce5234070a6ee08fb41f316bd71776b3b58f9e43e3f4b544732c197a27b5c9d9172632894090b6af7f3f52fdac8efabe8baf41eb855ac817ad34980dbef6

memory/3836-54-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2956-57-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5160-61-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4436-70-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5616-74-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5032-68-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5616-76-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/424-80-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1052-108-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1052-110-0x0000000000400000-0x00000000004D7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ehnsv.exe

MD5 243375f59d241de2599f96a2d2a981e6
SHA1 63ace0e1d77d2194065fee1a491691d9019d7844
SHA256 f00fad1fb2043952e62a851f08e5da302225810b3e1cde7380c650cd599fca33
SHA512 a5bf934d46d6c26f2c986bf78e8f797bd551b42a980476c4e29bfd5d52d0f345017662df3de27230a94844239641dc0cee610887171ed79e4d1eff03c556f854

memory/6064-184-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3748-180-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4780-186-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5584-189-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4780-191-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3492-195-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/6128-199-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1784-202-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5740-204-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2272-209-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1784-210-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/888-212-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2984-208-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5584-194-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/124-214-0x0000000000400000-0x00000000004D7000-memory.dmp

C:\Users\Admin\AppData\Local\wfrclximcquvgembsbkwhqcnrhvzaljrg.gpb

MD5 4074d34fb991cded5080de3710bc5aba
SHA1 6dd5b930e0170ea1b22bb2dbf36c5fb577064f80
SHA256 cea18ca806f9fe0ca9b0b6cba0e96b652300b67b1e011da5bd0e098a8601c2dc
SHA512 04005ac21812547a67a8f654236819bc15ba563df870cb5c4fd72c4d015c1d7bb14e4b0346e043e0acd3b48e0e7c1d8172e8915f9bde4c53695a396051de3b9b

C:\Users\Admin\AppData\Local\fdeecddwbexnnaxbhfdeec.dwb

MD5 80c95ee800ee31f3890883753740bec6
SHA1 c0baabb85257555d79fe13008a2c6d2aaf228d34
SHA256 e29a3ec176d01fcbf44126eb1287e0e0c8e8a675f4141d83f7333ad6c393ee84
SHA512 724329076cf1d299e313165cc529168b90fc354babc4c9cbd44b5d48a1265d365e139c0a0bf245eacfb0eeeb75255b7e13de0bec672e59f029e84fd0784938df

memory/888-243-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5740-242-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5948-244-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/124-257-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4580-258-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4580-259-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4692-262-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5452-261-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4692-263-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1220-264-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4936-266-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2720-268-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5036-270-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/824-271-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3444-272-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4972-274-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4972-273-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/576-275-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5128-291-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5128-292-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5248-294-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4104-296-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4104-297-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3476-299-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3476-300-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4672-302-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1960-304-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5656-306-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3492-307-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2628-309-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5992-311-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5992-312-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3492-314-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5656-313-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5848-316-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1956-318-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2924-320-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4984-321-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/6132-334-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5988-339-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2788-338-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2924-340-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2612-337-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5988-342-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1552-341-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2788-349-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2720-351-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5792-348-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2796-347-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5720-346-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1884-344-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5568-343-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5568-335-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4580-336-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2128-353-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5792-355-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/2720-357-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/580-358-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5600-359-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/580-360-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/1552-354-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3160-361-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3160-362-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/5144-363-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4836-364-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3804-380-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3356-382-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/3284-384-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/4880-386-0x0000000000400000-0x00000000004D7000-memory.dmp

memory/236-387-0x0000000000400000-0x00000000004D7000-memory.dmp

C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb

MD5 c40d7df93369c6ee19152cd6322271ed
SHA1 a98f60c471a7179950c5f7cf8494bdd41eb0a802
SHA256 5fd4412fe7cf895a9d97e456fa14e3769ebbd9f372aeacdcda5662b469b7dc58
SHA512 b1a01a7e212be60469bc1f0815d11f263c431810b7497c38527c07dc94cdbf2f3396df443eb42f92dcde81bfda9861ac524f0605e9a3c26bca83a4c0340e14f5

C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb

MD5 a1726c21271773122d2ced5cf413cc46
SHA1 27be3e8de15ce2d8124bab0f9f8f815e6289379c
SHA256 de01b6047784000628fd13b546e777017e56e77210bb099802a4b95c3ad18be1
SHA512 0d8181036944c4bdecfca00ad4eb8ecb334d0fac3a9bf28e4912888ce86f8749855aaf0d9414b70d4fd26521feaa40f8d4b3a9d1a8e079c4c25a73e3e5155aef

C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb

MD5 6331a3221584e2eeb8dea47a42c24b04
SHA1 360bde151cc4240fe64f8d4bcc1fdd2478ae8b9f
SHA256 d4a966d4e8f99ee0bc5b4bbadb9bc7e2463aeaa78c3a818bf71070d3423ce9fd
SHA512 19352b915ddf1e0e421717c5f71136292ebb05f38c03dde7d5aa43f04112f4d1e899bf23e0a275ab590adb401b8e7dc69767712cd9b28ffb99b135d5d858857e

C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb

MD5 95f1567b8c2f39854ef2a85fea7f0312
SHA1 60beec1dc4badf2405275858c9511c58df90ac14
SHA256 5792f7052c6f24e55f2e4bc66626d4ba9f66e984ce78e4a80dd6d6e3f60beb39
SHA512 10336644cf7cb0ee7a877d697e2beb3eeb6ff27fc071c6804afb9a35205027a608adf57dcaa9bbcd167a208a70fbfc04e3b0afda846f070500721d32b8f2ac3a

C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb

MD5 36a8eaad612ea741e2c5ece0d39209d0
SHA1 7535b01f25639f7665f176c19f24338d41955807
SHA256 22bb391fe7d7cc34c37bff89bb8771d33d32543e618a195ade1ef1013d8ae67f
SHA512 9ba3cffce619255ddcdc834060d81c3e0abacf3037aa3c6e7a160793ec50d65124255b72813f0fb9345a97c61edb494bd8984194d5fd8e81c7020ba88e1aae9a

C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb

MD5 1dc5a5716b251634c7fcce324eafbe4f
SHA1 8fe279350e03a374265aabb618d9bd229ad7da42
SHA256 f1eff57c0ecb4f27bb9d80c9518c4695d435e3a58e4d6c5072131533c2d9b2e9
SHA512 b08263d78597fa71f4e4a47c53dca499cfeac25ccb7debab58f57f8eef485665cfdbf0309c60e5e730800467dd2f47572a6c185102ae6fb19003f65327800ab9

C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb

MD5 ccbe3d50385b747c19d473828b8b1b3f
SHA1 0cf107aa77c0d01b7dc76355c98c0c555834cfe1
SHA256 db0082f251d2bbe18922f7cfcd8cfe38e312e14abd9144fc296d27c3f8b205b2
SHA512 04690e680d7216848a7348b737bb782a67438d0911b9265187b5cd347f35f2557a65a277b95c8609feb3702e6b3470edb506b7484fe30b440ce2f45d15b15112